Keith Reynolds
ServiceNow Employee

Security Operations Session, New York City Now Summit on November 13, 2018

At the Now Summit in New York City on November 13, 2018, Mark Sutton from Bain Capital sat down with attendees for a Q&A session on their approach to managing security operations and vulnerability management using ServiceNow Security Operations. 

Customer Overview

Bain Capital is a multi-asset management firm with over $105B in assets under management. With headquarters in Boston, London, and Hong Kong, Bain has over 1000 employees, and 19 offices globally. 

Bain's Security Operations implementation includes Security Incident Response, Threat Intelligence, and Vulnerability Response. They have been a ServiceNow customer for over 5 years. Mark Sutton is the Chief Information Security Officer for Bain.

NOW Forum Q & A

Give us a sense of Bain's structure and approach towards security operations.

I came in to Bain as the third member of the security team just under four years ago, and we were part of the IT organization. At that point, I was reporting directly into the CIO.  Two years in we were able to move the security team out of IT, and we now report directly into the COO.  This has created a healthy balance and partnership between security and IT.  We now have a team of seven and are working on expanding that in the near term.

Reporting directly into the COO gives us great visibility from a security perspective.  Cyber security is seen as one of the top three risks to Bain as a company.  Our alignment in this manner is helpful in that I'm not trying to push cyber security controls, policies or issues uphill.  Rather, it's a matter of keeping up with the needs of our managing directors and senior leadership who want to ensure we're mitigating risk as effectively as possible.

What was your initial driver for adopting the Security Operations solution?

Our main goal was getting to a consistent process established around everything we're doing.  I’m a metrics warlord…if you can't measure it, you can't manage it.  We have brought consistency to our processes so we can compare and contrast metrics in a reliable way.  One big benefit here was getting out of email and having a consistent ticket and incident process which allows us to be more efficient and measurable. 

It was also really important for us to be able to understand what our security metrics looked like from a risk perspective, rather than just operationally.  I was frustrated with the typical metrics people were focused on, which didn’t help us understand how what we were doing operationally translated into reducing risk for the company.  Being able to do that now is one of the things that has really allowed us to drive our program forward.

What's next in your journey on Security Operations?

Our near-term focus is on vulnerability remediation and assessing what we're doing around that program. The Vulnerability Response product allows us to distribute accountability to asset owners and IT teams, making sure they're aligned with our policies. Just being able to relate vulnerabilities to asset owners automatically is a huge leap forward.

It's amazing what can happen when you're able to report on vulnerabilities based on ownership.  When you put someone's name up in lights, it completely changes the game of accountability.

Now we're looking at how we can make this even more effective – not necessarily in terms of being faster, but in terms of addressing the right vulnerabilities at the right time, and using the 5% of an IT guy’s time that they reserve for patching in the most effective way. For instance, if we can focus first on the vulnerabilities that are most likely to be exploited or our most critical assets, that helps us prioritize our remediation efforts.

What are some of the pitfalls to look for in your implementation?

It's essential that you choose the right partners for implementation. We did have a few missteps at first, but we've overcome that by aligning with the right partners.

Secondly, it's important to not focus so much on the end goal, but to think about taking bite-sized chunks. You can get stuck thinking 18 months down the line and everything that you want the solution to be.  However, it takes time to prioritize, build consensus, develop, and adopt.  By taking on smaller chunks of work, we're able to solve for specific issues and not move on to something new until we solve for that use case.

How would you recommend going about the implementation of automation of actual work within the platform?

The crux of everything essentially comes down to a data problem.  In 2019, we are planning a big push towards automation and orchestration. Automation is great, but it can also make bad things happen faster, so you must be controlled in how things are rolled out.  CMDB and asset data accuracy is critical to ensuring success.  For your roll out, you can slice it and dice it by BU, technology, vulnerability type, criticality – a variety of ways based on your data. Be sure to deploy it in such a way that you can build consensus and partnerships within your organization.
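The two points above, ranking by exploit likelihood and asset criticality (earlier answer) and slicing the roll-out by owner or business unit on top of accurate CMDB data, are illustrated by this added example. It is not Bain's or ServiceNow's code; the hosts, vulnerability ids, scoring weights and the UNASSIGNED queue are constructed assumptions.

```python
"""Risk-based vulnerability queueing: join scanner findings to CMDB ownership,
score by exploitability x asset criticality, and slice into per-owner (or per-BU)
remediation queues. Constructed sample data; hypothetical hosts and vuln ids."""

# Constructed CMDB extract. criticality: 1 = low .. 4 = crown jewel.
CMDB = {
    "web-01":   {"owner": "alice", "bu": "Trading",   "criticality": 4},
    "hr-db-02": {"owner": "bob",   "bu": "Corporate", "criticality": 3},
    "kiosk-07": {"owner": "carol", "bu": "Corporate", "criticality": 1},
    "lab-09":   {"owner": None,    "bu": "Corporate", "criticality": 2},  # owner never filled in
}

# Constructed scanner findings. "ghost-99" is a host the CMDB does not know about.
FINDINGS = [
    {"host": "web-01",   "vuln": "VULN-A", "cvss": 9.8, "exploited_in_wild": False},
    {"host": "kiosk-07", "vuln": "VULN-B", "cvss": 9.8, "exploited_in_wild": True},
    {"host": "hr-db-02", "vuln": "VULN-C", "cvss": 7.5, "exploited_in_wild": True},
    {"host": "lab-09",   "vuln": "VULN-D", "cvss": 5.0, "exploited_in_wild": False},
    {"host": "ghost-99", "vuln": "VULN-E", "cvss": 6.5, "exploited_in_wild": True},
]

UNKNOWN_ASSET = {"owner": None, "bu": None, "criticality": 4}  # unknown host: assume worst case


def risk_score(finding, asset):
    """CVSS weighted by known exploitation (assumed x2) and by asset criticality."""
    exploit_weight = 2.0 if finding["exploited_in_wild"] else 1.0
    return round(finding["cvss"] * exploit_weight * asset["criticality"], 2)


def build_queues(findings, cmdb, slice_by="owner"):
    """Return {queue_key: [(score, vuln, host), ...]} sorted highest risk first.
    slice_by is "owner" or "bu"; records with no value land in an UNASSIGNED
    queue so CMDB gaps stay visible instead of being silently dropped."""
    queues = {}
    for f in findings:
        asset = cmdb.get(f["host"], UNKNOWN_ASSET)
        key = asset.get(slice_by) or "UNASSIGNED"
        queues.setdefault(key, []).append((risk_score(f, asset), f["vuln"], f["host"]))
    for q in queues.values():
        q.sort(reverse=True)
    return queues


def remediation_order(findings, cmdb):
    """Global priority list of vuln ids, highest risk first: what to spend patch time on."""
    scored = [(risk_score(f, cmdb.get(f["host"], UNKNOWN_ASSET)), f["vuln"]) for f in findings]
    return [v for _, v in sorted(scored, reverse=True)]


if __name__ == "__main__":
    for owner, items in build_queues(FINDINGS, CMDB).items():
        print(owner, items)
    print(remediation_order(FINDINGS, CMDB))
```

Note that VULN-B (CVSS 9.8, exploited) ranks below VULN-C (CVSS 7.5) because it sits on a low-criticality kiosk, while the two records with no owner surface in the UNASSIGNED queue as CMDB work rather than disappearing.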