BMC Aims to Enable SecOps to Reduce Security Risks
BMC's goal with its new BladeLogic Threat Director technology is to narrow the gap between security and operations to improve the rollout of patches.It's one thing for an enterprise to understand that it has known security vulnerabilities that need to be patched, and it's quite another thing to actually make sure the enterprise is in fact patched for vulnerabilities. BMC Software is aiming to close the gap between security and operations with its BladeLogic Threat Director technology, providing a new type of security and operations (SecOps) paradigm for organizations. BMC went private in 2013 and ever since has been on a path to transform itself into a more agile operation. Part of that transformation is a focus on enabling security, according to Bill Berutti, president of the cloud, data center and performance businesses at BMC. The new BladeLogic Threat Director builds on a technology portfolio that BMC has had since 2008, when it acquired data center automation vendor BladeLogic for $800 million. Many organizations spend money on scanning for vulnerabilities and paying for security intelligence, according to Berutti. Many also spend money on log analytics to look for threats, but a missing link is how to tie in all the security capabilities with data center operations, he said. "BMC BladeLogic Threat Director is a technology that allows both the security and operations teams to get full visibility into the known vulnerabilities and their current state with an organization," Berutti told eWEEK.
BladeLogic Threat Director also provides a workflow capability that enables organizations to track and make sure that there is an operations plan to patch or fix identified security vulnerabilities. Berutti noted that BladeLogic technology enables server and IT automation. What BMC has added is an analytics and process automation capability. In addition, a dashboard provides metrics on security events to enable an executive to understand risks. The dashboard also has a view for operations people who need to implement patches that can align risks with required service-level agreements (SLAs) for data center operations.