Bridging the Gap Between Security and Operations

The visibility gap between IT Security and IT Operations has historically been a challenge for both teams. IT Security is tasked with the responsibility of creating a strategic vision for mitigating risk to the business through the creation and enforcement of standards and policies. However, IT Operations sometimes struggles to get their hands on the relevant information and context required for proper and timely remediation.  While IT Security speaks “vulnerabilities,” IT Ops speaks “patches” and the relationship between patches and vulnerabilities is not always one-to-one.

To prevent data breaches, security teams need to be able to patch more quickly. However, a recent survey produced by the Ponemon Institute indicates that security professionals are “being held back by manual processes and disconnected systems that compromise their ability to patch in a timely manner.” The report also revealed an average of 12.3 days lost coordinating across teams for every vulnerability they patch. Reasons for this lag include:

• Having no common view of assets and applications across security and IT (66%)
• Things slip through the cracks because email sand spreadsheets are used to manage the patching process (55%)
• There is no easy way to track whether vulnerabilities are being patched in a timely manner (71%)

By breaking down the process and data barriers between teams and automating manual activities, security organizations have the opportunity to dramatically accelerate the remediation process—and to decrease the risk of being breached.

Expanding the prioritization of vulnerabilities beyond CVSS to include threat intelligence and business context is gaining popularity as a mainstream practice. Another startling statistic from the Ponemon Institute reports, 74% of financial services respondents “find it difficult to prioritize what needs to be patched first.”  In order to accurately prioritize vulnerabilities, you need to know both the severity and the types of business systems impacted. However, since these two important pieces of information typically reside in their separate security/IT silos, how do you ensure that information is shared and correlated?

NorthStar Navigator helps break down these silos and empowers both teams to effectively work together towards the common goal of protecting the business. Through the aggregation of data from all of your IT security and relevant IT tools, NorthStar automatically normalizes, applies context, and intelligently handles conflicts in data. By associating CVE ID with patch ID and other remediation options, NorthStar reduces the visibility gap by translating risk into a common language for both the vulnerability management and patch management teams, effectively streamlining the remediation process.