Eliminating silos between InfoSec and IT Ops
Why can’t your InfoSec and IT Ops teams see eye-to-eye?
When organizations maintain a division between IT Ops and InfoSec, you end up with different methodologies, tools, and processes. This creates significant issues when remediating vulnerabilities and addressing compliance.
Difference in automation tools
For instance, vulnerabilities can be exposed and exploited at a breakneck pace. To stay on top of this, InfoSec teams use sophisticated tools to scan, test, and audit networks, systems, and services. On the other hand, IT Ops teams still use manual processes to remediate detected vulnerabilities. This gap between detection and remediation of vulnerabilities slows down the entire workflow, making it inefficient and potentially exposing the infrastructure to external attacks.
Diverse and complex environments
Also, diversity of systems and environments, such as different operating systems or different cloud providers, adds to the complexity of both vulnerability detection and remediation. As infrastructure expands and grows, IT teams that lack automated asset discovery can quickly lose track of crucial services and resources. This not only slows the detection of vulnerabilities; it can hinder or even stall remediation efforts.
Finally, when teams fail to share tools, techniques, and standards, communication challenges are exacerbated. Without strong communication between IT Ops and InfoSec, neither team understands the critical processes for which the other is responsible. That makes it difficult to recognize the urgency of vulnerability remediation, and critical vulnerabilities will not get remediated in time.
## Break down the barriers and open up the opportunity to build a continuous process
In order to keep infrastructure safe and secure, IT operations and security teams must align their efforts to track vulnerabilities, detect them, and remediate when needed. Where should you start?
Start with small projects
Implement the first steps of automation with a few small projects to help improve collaboration between IT Ops and InfoSec. It’s a great way to help build workflows that work for both teams. This helps them collaborate and stay synchronized through the remediation process.
Good candidates for small projects are simple remediation tasks that can be transformed from manual processes into automated scripts. Simple tasks could involve correcting firewall configurations, patching vulnerable services, or even installing intrusion detection tools. With IT Ops and InfoSec working together, these remediation scripts can be tied to automated vulnerability detection so issues are fixed as they are found, immediately and automatically.
Once a simple task is automated, it’s no longer a distraction. The more time automation frees up, the more it will become a core part of your security and IT culture.
Simplify the handover with sharing
Once you begin communicating better, you are ready to simplify handovers by sharing data and tools. Collaboration encourages the use of automation to remove manual processes during handovers.
By employing automation, you continually improve the remediation process and cooperation between your IT Ops and InfoSec teams. As improvements continue, remediation becomes faster, and familiarity with automation enables IT Ops to reduce the number of vulnerabilities encountered in your infrastructure as it grows and evolves.
## Tools that can help
When your team is ready for automation, Puppet Remediate can take the manual work out of vulnerability remediation. It’s the perfect tool to bridge the communication and tools gap between IT Ops and InfoSec. With Puppet Remediate, you can:
- Share vulnerability data by integrating with scanning tools like Tenable, Qualys, and Rapid7
- Perform risk-based prioritization within a single dashboard based on infrastructure context
- Take immediate action on vulnerabilities with agentless tasks you can run on Linux or Windows hosts
- Upload your own scripts or use modules from the Puppet Forge
An IT Ops team probably has dozens of scripts floating around. Bolt is an open source orchestration tool that automates the manual work it takes to maintain your infrastructure. With Bolt, existing scripts can be quickly converted into automated tasks or orchestrated plans, and even into permanent infrastructure configuration with Puppet Enterprise. With Bolt, you can:
- Patch and update systems
- Troubleshoot servers
- Deploy applications
- Start and restart services
Bolt can be installed on your local workstation and connects directly to remote targets with SSH or WinRM, so you are not required to install any agent software.
With Puppet Enterprise, you can standardize your technology stack and reduce variation so there are fewer vulnerabilities to exploit. Do you have four different versions of Windows, all with different configurations? How many versions of Linux? The best defense is a good offense, and with Puppet Enterprise you can proactively harden your resources to comply with security standards. With Puppet Enterprise, you can:
- Harden your systems and ensure compliance
- Build security, compliance, and operational policies with policy-as-code
- Trace intent and verification
- Automatically remediate unexpected changes
- Prove compliance faster
We would love to hear from you about how you are remediating vulnerabilities today and discuss how we can help. Reach out on the Puppet Community Slack or email firstname.lastname@example.org and share your ideas.
Simone Van Cleve is a senior marketing programs manager at Puppet.