February 22, 2017 By David Strom 2 min read

Too often there is bad blood between the defenders and the fixers of corporate security. Remediation and security teams are often at odds with each other, with different perspectives, tools and ways to operate. Kenna Security laid out the issues and suggested ways for the two sides to bury the virtual hatchet and try to get along better.

Uniting Remediation and Security Teams

Some corporate managers see the security folks as part of the problem, but rarely as part of the solution. The defensive teams are responsible for identifying the risks, vulnerabilities and threats confronting the business, but they aren’t usually responsible for actually addressing those issues. Instead, they are viewed as the human equivalent of a frequent car alarm — always going off when the wind shifts or crying wolf at false red flags that don’t really identify actionable issues.

The defenders need the remediation teams — the individuals who typically don’t have security in their titles but are essential players in security nevertheless. These are the folks who have to clean up after an infection, update Windows after Patch Tuesday revelations, handle router firmware upgrades and perform other chores to keep the infrastructure humming along. They can come from many departments, including application developers, system administrators, DevOps leads and network operations center staffers, just to name a few.

Communication Breakdown

Not helping matters is how the defenders communicate with the remediators. A defender might, for example, send a huge, hundred-plus page report to someone with a note saying, “Fix these things” without even so much as a “please.” In another situation, defenders may run a vulnerability scanner that shows thousands of issues that need fixing. That has to change.

The time has come to put together a mechanism to bring both sides to a common goal. Defenders and remediators must work to understand where the other team is coming from and apply a little empathy to bridge the gap. There has to be agreement on common metrics to measure everyone’s success and a closed feedback loop so the two sides can monitor progress.

Shifting Perspective

For the two teams to collaborate effectively, they need to assess remediation resources and align them so that both defenders and the remediators are covered. For example, instead of listing hundreds of vulnerabilities, security teams should provide prescriptive direction, specifying which patches need to be applied to which servers.

The reality, according to the Kenna Security post, is that “100 percent, foolproof, absolute security isn’t a realistic goal, and if security is focused on that as an objective, they’re only setting everyone up for failure.” It is time to change that perception and perspective.

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today