For most organizations, a lot of technology is working in the background to keep the company running. The teams in charge of the network have a big challenge: they must keep everything running efficiently and up to date while keeping all firewalls and network devices secure. This has become increasingly challenging in recent years; between public and private clouds, OT and IoT devices, the surge in employees working from home, and legacy on-prem assets, the list of potentially vulnerable devices seems endless. It’s no wonder that the top recommendations from The Center for Internet Security (CIS) [1] are the inventory and control of enterprise and software assets.
To make things more complicated, the IT and network teams – network ops, network infrastructure, and network security – often report to different managers and have separate goals and priorities from the security team. At best, this leads to a lack of communication and coordination between the groups and, at worst, outright animosity, which results in a greater risk of a security breach.
A recent report [2] found that only 10% of the 1,000 IT risk, compliance, and security professionals surveyed have an integrated view of how to manage their risk. Whether the network team doesn’t have the proper security context for changes they are making or the security team isn’t using network controls enough to mitigate vulnerabilities until they can be patched, these misfires in communication can be costly for organizations. Something as simple as an internet-exposed network path to a vulnerable asset can give cybercriminals a window to enter your organization and cause significant damage.
While the silos may not be completely avoidable, there are ways to create better synchronization between your teams so that the organization is proactive in its continuous exposure management.
Here are our three tips to successfully navigate the relationship between infrastructure and security teams.
#1 · Speak the Same Language
In many organizations, the security team and the network team don’t just work in silos – they speak entirely different languages. Security talks about vulnerabilities, and the network team focuses on mitigation and configuration.
Take vulnerability scans. When the security team runs their regular vulnerability scans, they typically send a long list to the network and IT teams. However, without the security team providing adequate threat and business context, the network and IT teams often defer to their own patch methodology rather than try to prioritize based on risk to the business.
On the other hand, when the network team needs to reconfigure firewall rules or network access, they may not be aware of the potential cyber exposure introduced by these changes. They are focused on the requirements from the network operation perspective or the compliance ramifications if they fall behind; they don’t have visibility into the security risks that may occur when these changes are made.
Teams should meet and agree to focus on context and data, not just technology, to find common ground. Whether it’s the security team providing details about how to prioritize vulnerability remediations or the network team reviewing network changes for potential cyber exposure risk, this ensures that both teams are involved and helps them better understand each other’s priorities, challenges, and concerns. Creating this open communication between the two teams – a common language, so to speak – can help them work together to ensure the organization’s protection.
#2 · Define the Common Goals
Once teams meet regularly and openly communicate, it’s an excellent time to define and document shared goals and priorities. This includes what data sources will be leveraged to determine context and risk and how to mitigate risks during the patch lags (the timeframe between each scheduled patching window). The network team can often find alternative compensating controls, such as segmenting a network or adding an IPS/IDS signature, that will significantly lower the risk to the business until a permanent remediation is attained. Finding alternatives to implement during these gaps benefits both teams.
Organizations should establish solid relationships between the executive teams in charge of these groups, often the CISO and CIO, for better operational alignment. Strategies and goals should be outlined with input from both groups, creating a shared vision for the company. Once defined and documented, both teams will be fully invested in the process and work together to secure the organization better. Alignment between the silo-leading executives is critical for improving security and moving the business forward with minimal chance of disruption.
#3 · Deploy Information Sharing Tools
For many organizations, the volume of security and vulnerability data that comes into the network and security teams is unmanageable. It is common for organizations to identify hundreds of thousands of security vulnerabilities, many of which have high or critical status. Teams feel overwhelmed and need more direction to ensure they focus on the vulnerabilities that pose the most significant risk for the organization. Often, organizations purchase different point solutions to help them mitigate this problem and better focus their teams. But when you stack solutions on top of each other, you often end up with conflicting recommendations and more noise.
For example, it is not uncommon for an organization to have multiple security data and vulnerability management tools. In addition, various tools are available for cyber asset management, vulnerability prioritization, and security policy management, each with different methods for filtering and prioritizing data. This can make it challenging for teams to determine where the greatest risks are and what mitigation and remediation actions will have the biggest impact.
Find a unified solution that acts as a shared security data repository for all the relevant teams. This helps them simplify the work and provides a single source of truth (as a bonus, you can pool your budgets together). By having a solution that does multi-source aggregation, all your systems will speak to one another, and you can prioritize vulnerabilities using the best data from each of your platforms. This solution should also help you understand the security risk for each recommended patch and provide alternative mitigation and remediation options. This allows the network team to be conscious of the security implications of a change and factor this in when a potential risk is flagged, while the security team can better mitigate risk when patching takes too long.
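The two ideas above, multi-source aggregation of scanner output into one record per asset and CVE, and re-ranking that record with the network team's context (internet-exposed paths, and compensating controls in place during the patch lag as described under tip #2), can be illustrated in a few dozen lines. The following is an added example written for this page; it is not Skybox's code, the scanner findings, asset names and CVE identifiers are constructed placeholders, and the exposure and compensating-control weights are assumed values chosen for illustration.

```python
"""Added example (not from the original page): merge vulnerability findings from
several tools into one record per (asset, CVE), then rank them using network context
the network team owns. All input data below is constructed; CVE ids are placeholders."""
from dataclasses import dataclass, field

# Constructed output of two hypothetical scanners. Severity is on a 0-10 scale.
SCANNER_A = [
    {"asset": "web-01", "cve": "CVE-0000-0001", "severity": 9.8},
    {"asset": "db-01", "cve": "CVE-0000-0002", "severity": 7.5},
]
SCANNER_B = [
    {"asset": "web-01", "cve": "CVE-0000-0001", "severity": 9.0},  # same finding, lower score
    {"asset": "hr-laptop-07", "cve": "CVE-0000-0003", "severity": 9.8},
]

# Context supplied by the network team (constructed): assets with an internet-reachable
# path, and compensating controls active until the next patching window.
INTERNET_EXPOSED = {"web-01"}
COMPENSATING_CONTROLS = {
    ("web-01", "CVE-0000-0001"): "IPS signature deployed on the edge firewall",
}

# Assumed weights for illustration; a real program would tune these to the business.
EXPOSURE_WEIGHT = 2.0     # internet-exposed assets count double
COMPENSATED_WEIGHT = 0.4  # an active compensating control cuts the priority


@dataclass
class Finding:
    asset: str
    cve: str
    severity: float                      # highest severity any tool reported
    sources: set = field(default_factory=set)  # which tools reported it


def aggregate(sources):
    """Collapse duplicate findings from several tools into one record per (asset, cve).

    The merged record keeps the highest reported severity and remembers every tool
    that reported it, so the teams argue over one list instead of one list per tool.
    """
    merged = {}
    for tool, findings in sources.items():
        for f in findings:
            key = (f["asset"], f["cve"])
            rec = merged.get(key)
            if rec is None:
                rec = merged[key] = Finding(f["asset"], f["cve"], f["severity"])
            rec.severity = max(rec.severity, f["severity"])
            rec.sources.add(tool)
    return merged


def prioritize(merged, internet_exposed, compensating_controls):
    """Rank merged findings by severity adjusted with network context.

    Exposure raises the score; a compensating control lowers it for the duration of
    the patch lag. Each row records why it was moved so both teams can see the rationale.
    """
    ranked = []
    for (asset, cve), rec in merged.items():
        score = rec.severity
        reasons = []
        if asset in internet_exposed:
            score *= EXPOSURE_WEIGHT
            reasons.append("internet-exposed network path")
        control = compensating_controls.get((asset, cve))
        if control:
            score *= COMPENSATED_WEIGHT
            reasons.append(f"compensated until patched: {control}")
        ranked.append({
            "asset": asset,
            "cve": cve,
            "score": round(score, 2),
            "sources": sorted(rec.sources),
            "reasons": reasons,
        })
    # Highest score first; asset name breaks ties so the order is deterministic.
    ranked.sort(key=lambda r: (-r["score"], r["asset"]))
    return ranked


if __name__ == "__main__":
    merged = aggregate({"scanner_a": SCANNER_A, "scanner_b": SCANNER_B})
    for row in prioritize(merged, INTERNET_EXPOSED, COMPENSATING_CONTROLS):
        print(row)
```

Run stand-alone, the script shows the effect the article describes: the two scanners' duplicate report for web-01 becomes one record, and although web-01 is internet-exposed, the IPS signature the network team put in place drops it below the unexposed laptop finding until the permanent patch lands, with the reason recorded on the row so the security team can see exactly which control it depends on.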
Ultimately, it’s important to remember that cybersecurity is everyone’s responsibility in the organization. However, the critical roles played by the network and security teams pave the way for the rest of the company. By working together as a joint defense against cybercriminals, network and security teams make their jobs more manageable while, at the same time, helping their company be more secure.
Skybox’s Vulnerability and Threat Management solution, as a part of the Continuous Exposure Management platform, has helped bridge this gap for hundreds of organizations like yours. Our proactive approach to cybersecurity works by aggregating data from multiple silos and data sources in your environment and compiling them in one place as your single source of truth.