
IT and Cybersecurity Teams Need to Work Together

by Bart McDonough

Occasionally, we get clients who are worried about their outsourced IT provider ALSO being their outsourced cybersecurity provider. They ask the question, “Is this like the fox watching the henhouse?”

The short answer is NO, with one possible exception.

In fact, it is critically important your IT operations and cybersecurity operations are aligned and communicate frequently, regardless of which company (or internal staff) is providing the service. A great example that we often see is when IT adds a new device or application into the environment and cybersecurity doesn’t know about it, leaving the device unprotected. For this reason alone, you want to make sure your IT and cybersecurity operations are tightly aligned.

Before we get into the specifics, I think it’s important to understand how we at Agio think through the various segments of managing your environment. Between IT and cybersecurity, we feel strongly there are both critical Operational and Governance activities. It’s important to understand these elements so we can talk about which areas have the most synergy and which could be compromised if the same “team” executes them.

IT Operations

IT operations are all the activities we normally associate with outsourced or managed IT. These include, but are not limited to, the following:

  • Help Desk & Desktop Management activities
  • Perform Infrastructure Management (Server, Network, Storage) & Application Management (Database, Applications)
    • Patch Management & Vulnerability Remediation
    • Configuration & Change Management
    • Upgrade to new hardware/versions
    • Decommissioning of retired hardware/versions
    • Software Updates
    • Active Directory Management
    • Application installation and on-going support and maintenance
  • Backup & Restore management
  • Performance & Availability Monitoring
  • Daily break-fix activities
  • On-boarding and off-boarding of users, including user set-up and permissions

IT Governance

IT governance is an area often overlooked by outsourced providers, yet it is one we at Agio take great pride in providing, and we know it sets us apart from other providers. These activities include, but are not limited to, the following:

  • Disaster Recovery Tests
  • Update Device Inventory
  • Identify & Review Inactive Systems
  • Review & Update GPO policies
  • Update/Reset Admin Passwords
  • Review Outbound Security Configuration
  • Review & Update Device Warranty
  • Review Current Utilization & Available Capacity
  • Perform Infrastructure Gap Analysis
  • Identify Top Recurring Issues
  • Review add/remove/changes to sensitive security groups
  • Review and update DNS conflicts
  • Check for local admin accounts
  • Review and update key policies and exceptions
  • Review applications installed on workstations and servers

Cybersecurity Operations

Cybersecurity operations goes by many different names – managed security, managed detection and response, SOC, etc. Regardless of the name, this is the function responsible for actively monitoring and defending an organization from the non-stop threats from bad actors. Its activities include, but are not limited to, the following:

  • Collection of log data from all relevant systems and applications (SaaS, IaaS, or internally hosted)
  • Creation of rules to detect anomalies and cybersecurity events via correlation of event logs from multiple systems
  • Configure and respond to alerts from Intrusion Detection Systems
  • Configure and respond to alerts from Anti-Phishing Systems
  • Manage and execute the Incident Response process
  • Review and provide status of firm cybersecurity posture
  • Configure and execute Vulnerability Scanning
  • Configure and maintain Identity & Access Management Systems
  • Lead incidents
  • Manage and tune detection technologies such as SIEMs and network sensors
  • Identify gaps in logging and help fill them
  • Monitor detection and response posture to support continuous improvement

Cybersecurity Governance

Cybersecurity governance, like IT governance, covers the key areas you need to execute in order to make sure your organization is performing all the right activities to properly manage its cybersecurity risks. These include, but are not limited to, the following:

  • Security Risk Assessments
  • Tabletop Exercises
  • Social Engineering Tests (including Phishing & Pretexting)
  • Macro Threat Intelligence Analysis
  • Cybersecurity Awareness & Training
  • IT Governance Audit & Review
  • Red Team vs Blue Team Exercises
  • Validation of Policy & Procedure Compliance
  • Security Architecture Reviews
  • Vendor Assessments
  • Periodic/Random Inspections of Best Practices

I previously mentioned there is one possible exception where you might not want the same outsourced provider as your cybersecurity partner. It’s the penetration test, and specifically a technical test of the network.  This is really the only element you need to be concerned about if you’re worried a provider might not be ethical in reporting any findings from a technical test.  Other than that, this laundry list of activities gives you a clear roadmap to what your IT and cybersecurity teams or provider should be managing for you, and how streamlined these activities are when these functions are kept under the same roof – whether that’s one internal team or one outsourced provider like Agio.  If you’d like to know more about how we can help you, contact us.