One of my favourite cult classic movies was an obscure, but star-studded picture called Mars Attacks. In the movie, Jack Nicholson plays the President of the United States trying to make peace with the vicious Martians. In his final scene, he makes an impassioned speech to the Martian leader with his final line being “why can’t we all just get along?” The Martian leader’s response was a tear and an “Ack-Ack,” followed by killing President Jack.

This scene is all too often paralleled in real life, with the opposing roles played by Security and IT. While they may not vaporize each other, they do operate under diametrically opposed missions. Security’s job is to keep the company safe – full stop. If they had their way, access to systems would be very tightly controlled and an almost weekly patching routine would be implemented, slowing the enterprise to a crawl. IT on the other hand is tasked with keeping the company up and running. They view patching as a necessary evil that consumes precious time and resources that they could focus on more innovative projects.

Unfortunately, recent high-profile cybersecurity threats have brought the importance of patching known vulnerabilities to the forefront and have exposed just how big of a challenge both security and IT face. While industry metrics vary widely, the average time known vulnerabilities remain unpatched is over 180 days. In a recent discussion with a cybersecurity executive at a leading utility company, he estimated that it was actually a bit higher at 187 days, and shared that they have an ongoing project to reduce that number to 90 days over the next year. While that would be an impressive improvement, that still leaves the organization exposed to known vulnerabilities for over three months – ample time for cyberthreats to wreak havoc.

He went on to say that one of his biggest challenges was prioritizing known vulnerabilities, having his colleagues in IT Operations acknowledge their ranking, and then allocating scarce resources to patching the at-risk assets. One of the fundamental challenges he faces is aggregating all of his threat and vulnerability information into a central location and then presenting it in a format that IT Operations can integrate and consume in their ITSM and ITOM tools. While he recognized there are also a number of fundamental cultural and cross-silo process challenges to overcome, he felt that integrating this information would go a long way to improving the problem.
Early during the development of Online’s Security Integration Framework, we identified BMC’s SecOps Response Service (previously known as BladeLogic Threat Director) as the best solution in the industry to address these challenges. This solution allows the integration, analysis, and automation of remediation activities to be managed in an environment that fosters collaboration between Security and IT. Out-of-the-box integrations to vulnerability scanners, BMC Discovery, BMC Atrium CMDB, and automation tools such as BladeLogic and SCCM, both on premises and in the cloud, allow for quick wins in the battle to improve vulnerability remediation times.
The granular ability to control access to information and actions within the solution also helps to foster trust and collaboration between IT and Security. While fundamental components of Online’s Security Integration Framework such as process re-design and OCM are still important for long-term maturity, BMC’s SecOps Response Service is a vital tool in the fight against cyber threats.
Online is a longtime partner with BMC and we have tightly integrated BMC Discovery into our Online Security Integration Framework. To learn more about how Online and BMC can help improve your security posture, visit our Security Integration Framework Resource Centre.
