February 22, 2017 By David Strom 2 min read

Too often there is bad blood between the defenders and the fixers of corporate security. Remediation and security teams are often at odds with each other, with different perspectives, tools and ways to operate. Kenna Security laid out the issues and suggested ways for the two sides to bury the virtual hatchet and try to get along better.

Uniting Remediation and Security Teams

Some corporate managers see the security folks as part of the problem, but rarely as part of the solution. The defensive teams are responsible for identifying the risks, vulnerabilities and threats confronting the business, but they aren’t usually responsible for actually addressing those issues. Instead, they are viewed as the human equivalent of a frequent car alarm — always going off when the wind shifts or crying wolf at false red flags that don’t really identify actionable issues.

The defenders need the remediation teams — the individuals who typically don’t have security in their titles but are essential players in security nevertheless. These are the folks who have to clean up after an infection, update Windows after Patch Tuesday revelations, handle router firmware upgrades and perform other chores to keep the infrastructure humming along. They can come from many departments, including application developers, system administrators, DevOps leads and network operations center staffers, just to name a few.

Communication Breakdown

Not helping matters is how the defenders communicate with the remediators. A defender might, for example, send a huge, hundred-plus page report to someone with a note saying, “Fix these things” without even so much as a “please.” In another situation, defenders may run a vulnerability scanner that shows thousands of issues that need fixing. That has to change.

The time has come to put together a mechanism to bring both sides to a common goal. Defenders and remediators must work to understand where the other team is coming from and apply a little empathy to bridge the gap. There has to be agreement on common metrics to measure everyone’s success and a closed feedback loop so the two sides can monitor progress.

Shifting Perspective

For the two teams to collaborate effectively, they need to assess remediation resources and align them so that both defenders and the remediators are covered. For example, instead of listing hundreds of vulnerabilities, security teams should provide prescriptive direction, specifying which patches need to be applied to which servers.

The reality, according to the Kenna Security post, is that “100 percent, foolproof, absolute security isn’t a realistic goal, and if security is focused on that as an objective, they’re only setting everyone up for failure.” It is time to change that perception and perspective.

More from CISO

CISOs drive the intersection between cyber maturity and business continuity

4 min read - The modern corporate landscape is marked by rapid digital change, heightened cybersecurity threats and an evolving regulatory environment. At the nexus of these pressures sits the chief information security officer (CISO), a role that has gained newfound influence and responsibility.The recent Deloitte Global Future of Cyber Survey underscores this shift, revealing that “being more cyber mature does not make organizations immune to threats; it makes them more resilient when they occur, enabling critical business continuity.” High-cyber-maturity organizations increasingly integrate cybersecurity…

CISO vs. CEO: Making a case for cybersecurity investments

4 min read - Ask CISOs why they think there is a cyber skills shortage in their organization, what keeps them up at night or what the most important issue facing the industry is — at some point, even if not the first response, they will bring up budgets.For example, at RSA Conference 2024, a roundtable discussion about issues facing the cybersecurity industry, one CISO stated bluntly that budgets — or lack thereof — are the biggest problem. At a time when everything is…

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today