How BMC Remedy Brings Value to SecOps
Every company is a target for malicious actors who are seeking to gain access to valuable data, or to damage critical systems. With the average price of a data breach now standing at $4 million, security is everyone’s responsibility. ITSM has an important role to play, and can bring significant value to the Security Operations process. According to a new BMC/Forbes report, “Enterprises Re-Engineer Security in the Age of Digital Transformation”, 68% of CIOs and CISOs plan to enhance their security incident response capabilities in the next 12 months. With world-class user experience, seamless cross-team collaboration, and security-specific integrations, BMC Remedy Service Management can be core to that incident response process.
One of the most critical aspects of SecOps is the detection and remediation of security vulnerabilities. It is rare that a week goes by without the discovery of a new “zero day” vulnerability. Once vulnerabilities are known, they are relentlessly sought out and exploited by nefarious parties. Patching vulnerabilities in critical enterprise systems is a never-ending process.
BMC’s Remedy Service Management integrates seamlessly with our server automation platform to ensure that IT Service Management is a full stakeholder in the security remediation process. A remediation is, after all, a change to a system, and hence it is frequently important to understand, track and report on these activities alongside other changes to systems (for example, enterprises in regulated environments may be required to report on all changes made to some or all of their servers). At the same time, it is vital to make the process of remediation as frictionless as possible. Arbitrary delays in the process could result in significant damage. BMC’s integrated solution ensures full visibility of remediation changes, while enabling the job to get done without hindrance:
- Data center operations staff set up the remediation jobs in the BladeLogic Server Automation console.
- Seamless integration with BMC Remedy ensures that infrastructure change records are created automatically.
- Change Managers can configure these changes for fast-track or automated approval, removing any unnecessary delays.
- Impacted services and business applications are automatically detected and added to the change record, giving visibility of the risk and impact to key services, and enabling proactive communication to customers and stakeholders.
It is important to remember, however, that data breaches are not always the direct result of a vulnerability in a digital system. Human actions, whether careless or malicious, are another major cause of corporate data breaches. BMC Remedy’s out-of-box integration with Microsoft’s Data Loss Prevention (DLP) technology enables suspected data loss events to be detected and managed as incidents in Remedy. When Office 365 DLP detects a possible data policy breach, the Remedy ticket is created automatically. Each ticket is enriched with specific contextual data from DLP, such as the policies and rules which are suspected to have been broken, and any actions already taken. Confidential information is automatically masked unless a user has the appropriate role. This gives application and security teams all of the information they need to validate potential losses of confidential information, and to take the appropriate steps to remediate the issue.
BMC Remedy also enables the organization to implement another key recommendation in the BMC & Forbes Insights report: the encouragement of an enterprise-wide culture of security, involving not just the Information Technology department, but all users of computer systems within the business. Users can report suspicious behaviors and events to the service desk, or through a self-service console. This enables those events to be managed to a satisfactory outcome by security teams, who can fully analyze and prioritize the reported issues using BMC’s advanced security dashboard. To enable greater proactivity, knowledge articles are smoothly integrated, automatically providing end-users and support agents with guidance as they work. This gives the InfoSec team a powerful channel to communicate important security information, such as descriptions of common spear-phishing emails. After all, better-informed users are much more difficult to fool.