Industry View

Centralizing Enterprise Security Operations and Management

Jeff Ahlerich of Looking Glass Systems looks at transcending the politics

By Jeff Ahlerich, Looking Glass Systems

Page 6

In the "real world" example provided earlier, our Security Analyst's hands were politically tied, and he could not perform remediation activities (even if he had the technology to do it). Recall that in this common example, the SOC Analysts were just that—Analysts only. They had no operational authority of any consequence as it related to actual preventative endpoint security posture maintenance or remediation. Their job was to drink from the fire hose of aggregate security event data and to separate authentic incidents from false positive events. Their job was to formulate remediation prescriptions for affected devices, to hunt down the appropriate system administrators for such devices, and to disseminate the developed remediation prescriptions. Finally, their job was to follow up with these individuals until it could be verified that the remediation activity had been successfully applied.

Imagine if an enterprise security management platform were in place that could facilitate and control the delegation of specific roles and the collaboration across these groups, as well as authorize and track activities among individuals and groups of systems with intuitive ease and simplicity.

Conclusion
In a perfect world (and typically as drawn up on paper) centralization of the enterprise security operations function is straightforward to implement — and it generally is, until you factor in the human elements. In reality, transitioning to the centralization model will always face certain operational challenges from potentially impacted interests for a variety of reasons. These interests respond to centralized security management models with a predictable reluctance to support the implementation due to a perceived threat of reduced control over their environments, or simply a natural resistance to change.

The Centralized Enterprise Security model should not be characterized as a false panacea by any means because of these challenges. Instead, it should be understood that the model is a politically ambitious one to achieve, and why. For these initiatives to have the best chance of realizing the efficiency and/or effectiveness gains they promised to deliver in concept, the solutions adopted at their core must be in a position to accommodate. The security management platform at the root of their design must promote organizational cooperation, for only by leveraging platforms with such capabilities can politically motivated barriers be easily overcome. Empowering and accommodating not only the central security entity, but also any other IT organization with significant interests at stake, promotes inclusion and cooperation and enables the centralized security model to be a success.
