It's one thing for an enterprise to understand that it has known security vulnerabilities that need to be patched, and it's quite another thing to actually make sure the enterprise is in fact patched for vulnerabilities. BMC Software is aiming to close the gap between security and operations with its BladeLogic Threat Director technology, providing a new type of security and operations (SecOps) paradigm for organizations.
BMC went private in 2013 and ever since has been on a path to transform itself into a more agile operation. Part of that transformation is a focus on enabling security, according to Bill Berutti, president of the cloud, data center and performance businesses at BMC. The new BladeLogic Threat Director builds on a technology portfolio that BMC has had since 2008, when it acquired data center automation vendor BladeLogic for $800 million.
Many organizations spend money on scanning for vulnerabilities and paying for security intelligence, according to Berutti. Many also spend money on log analytics to look for threats, but a missing link is how to tie in all the security capabilities with data center operations, he said.
"BMC BladeLogic Threat Director is a technology that allows both the security and operations teams to get full visibility into the known vulnerabilities and their current state with an organization," Berutti told eWEEK.
BladeLogic Threat Director also provides a workflow capability that enables organizations to track and make sure that there is an operations plan to patch or fix identified security vulnerabilities. Berutti noted that BladeLogic technology enables server and IT automation. What BMC has added is an analytics and process automation capability. In addition, a dashboard provides metrics on security events to enable an executive to understand risks. The dashboard also has a view for operations people who need to implement patches that can align risks with required service-level agreements (SLAs) for data center operations.
The idea of creating a SecOps function where security is tied to patching and IT operations is not entirely unique. Security vendor Tanium, which has raised $262 million in venture funding, is also looking to narrow the gap between security and operations. Berutti noted that while Tanium is a good competitor and does come up in some competitive sales opportunities, BMC can differentiate on the granularity of executing a patch and automation into IT Service Management (ITSM) systems including Remedy, which is a BMC product.
Looking forward, Berutti said that future capabilities include even deeper granularity into the IT impact of a given security vulnerability. The additional capabilities will enable an organization to better prioritize patching operations, such that the most critical systems, where customer data is stored, can be prioritized over other areas of an IT infrastructure when rushing to remediate a new vulnerability.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.