In today's Whiteboard Wednesday, Rachit Kumar talks about the conflict between IT and security teams when it comes to vulnerability remediation.
In most organizations there is a very big communication gap when it comes to IT and security. Both teams have separate goals on a day to day basis. IT teams focus on keeping daily business operations up and running while security teams focus on keeping the company as secure as possible. When it comes time for the IT and security teams to work together to fix vulnerabilities is where the communication gap is the widest.
We have been working hard over here at Rapid7 to help bridge this gap with our vulnerability management solution Nexpose. In the latest release of Nexpose we have introduced our top remediation report which helps alleviate some very frustrating problems that both groups deal with regularly.
Security teams want to know how they can make the biggest impact on vulnerability remediation within their environment and which ones they can deal with later while IT teams just want concise directions on how to fix these vulnerabilities. This report solves both problems. Security teams can see that by fixing X amount of their top vulnerabilities that it will affect X amount of assets and lower their risk by X%. The report also gives precise instructions on how to remediate the vulnerabilities catering to a typical IT team's needs.
Read Video Transcript
Hi. My name is Rachit Kumar. I'm one of the security engineers over here at Rapid7, and today's Whiteboard Wednesday topic is the conflict between the IT and security team.
What exactly is the IT and security team responsible for? The IT team is responsible really to make sure that the business is up and functional and running the way it's supposed to be, so everything from taking care of patching in your environment, taking care of things such as work stations, laptops, servers, whatever you may have, just to make sure that the business is actually operable.
Now we have the other team, which is the security team. What is the security team responsible for? It's responsible for understanding the risks that lie in the organization, to make sure that those risks are taken care of as quickly and as efficiently as possible.
Now the problem lies in the communication between these two teams. The IT team is already overloaded with a lot of tasks and wants to make sure that everything is up and running, whereas the security team, which is more security-focused, security-centric, they want to make sure that hey my organization is not going to get hacked or breached.
Now the communication gap is where they're trying to convey a message to that team, but they're not doing so adequately. With the correct vulnerability management solution, you can quickly avert this problem altogether.
Usually what happens is the security team will hand off the IT team a very large report that has a lot of information that these guys don't necessarily care for. They just want to know what needs to be fixed, what's most important, and how do I fix it.
These guys will send this report and say, "Well, everything is important." But how do you make that more actionable? How do you make that more concise? Again, with the right vulnerability management solution, you can have an actual remediation report that's three to four pages in length at tops and talks about what exactly needs to be done, where does it need to be applied.
This keeps both the IT team and the security team happy because the IT team knows what they have to do without a lot of added fluff, whereas the security team also realizes okay, applying this many patches will take care of this many problems in my vulnerability that are affecting X amount of assets. Both parties are now covered, and you guys are on the same page.
Thank you for joining us this week. We'll see you next week.