February 22, 2017 By David Strom 2 min read

Too often there is bad blood between the defenders and the fixers of corporate security. Remediation and security teams are often at odds with each other, with different perspectives, tools and ways to operate. Kenna Security laid out the issues and suggested ways for the two sides to bury the virtual hatchet and try to get along better.

Uniting Remediation and Security Teams

Some corporate managers see the security folks as part of the problem, but rarely as part of the solution. The defensive teams are responsible for identifying the risks, vulnerabilities and threats confronting the business, but they aren’t usually responsible for actually addressing those issues. Instead, they are viewed as the human equivalent of a frequent car alarm — always going off when the wind shifts or crying wolf at false red flags that don’t really identify actionable issues.

The defenders need the remediation teams — the individuals who typically don’t have security in their titles but are essential players in security nevertheless. These are the folks who have to clean up after an infection, update Windows after Patch Tuesday revelations, handle router firmware upgrades and perform other chores to keep the infrastructure humming along. They can come from many departments, including application developers, system administrators, DevOps leads and network operations center staffers, just to name a few.

Communication Breakdown

Not helping matters is how the defenders communicate with the remediators. A defender might, for example, send a huge, hundred-plus page report to someone with a note saying, “Fix these things” without even so much as a “please.” In another situation, defenders may run a vulnerability scanner that shows thousands of issues that need fixing. That has to change.

The time has come to put together a mechanism to bring both sides to a common goal. Defenders and remediators must work to understand where the other team is coming from and apply a little empathy to bridge the gap. There has to be agreement on common metrics to measure everyone’s success and a closed feedback loop so the two sides can monitor progress.

Shifting Perspective

For the two teams to collaborate effectively, they need to assess remediation resources and align them so that both defenders and the remediators are covered. For example, instead of listing hundreds of vulnerabilities, security teams should provide prescriptive direction, specifying which patches need to be applied to which servers.

The reality, according to the Kenna Security post, is that “100 percent, foolproof, absolute security isn’t a realistic goal, and if security is focused on that as an objective, they’re only setting everyone up for failure.” It is time to change that perception and perspective.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today