BMC SecOps Response Service Brings Security Operations to the Cloud

A new cloud-based, software-as-a-service platform enables organizations to get visibility into known vulnerabilities and remediation status.


BMC is expanding its security operations (SecOps) capabilities with a new service announced on May 3. The new BMC SecOps Response Service extends the BladeLogic Threat Director technology that BMC announced in April 2016 to the cloud.

The SecOps Response Service is built on the same codebase as BladeLogic Threat Director, a technology that gives an organization visibility into the current state of its known vulnerabilities and patching.

"We are offering our customers the ability to deploy the product on premises with Threat Director, or run it as a service, with SecOps Response," David Cramer, vice president and general manager of Security Operations at BMC, told eWEEK. "Running it as a service allows us to offer it on a subscription model as opposed to a traditional enterprise license."

The SecOps Response Service is a cloud-based offering that helps organizations respond to misconfigurations and vulnerabilities that they find in their enterprises, including multicloud environments. Cramer said the goal of the SecOps Response Service is to narrow the time gap between when a security team identifies a vulnerability and when the operations team patches and remediates issues.

The SecOps Response Service can be integrated with software-as-a-service (SaaS)-based scanning services from different vendors, including Rapid7, Qualys and Tenable, to identify potential vulnerabilities.

"Scanning and analysis can now all be done from the cloud, but the remediation can be a bit trickier," Cramer said. 

BMC has a process of multitier remediation to fully understand the impact of a security vulnerability and how it can be fixed in a given environment, he said. Automated remediation of software vulnerabilities is something that many organizations avoid to limit the risk of breaking production systems. Cramer said it's often easy to identify when there is a problem, but it's critical to understand the logistics of how a given application works and the impact that patching might have.

"Part of our value is operational intelligence, so we can automatically map vulnerabilities to the known inventory of systems," Cramer said. "We can then prioritize remediation based on severity, application and available maintenance windows, or we can just notify."

Although BMC provides automated remediation, Cramer said some customers still aren't quite ready to automate it, which is why simply notifying them about vulnerabilities is still important.

The SecOps Response Service is a vulnerability response service, not an incident response service, he said. The difference is that the service tracks and monitors the status of known vulnerabilities, as opposed to dealing with a security incident when it occurs. BMC does, however, have an incident response business built around its Remedy product platform. Cramer said some BMC customers will choose to integrate SecOps Response with the Remedy platform.

Currently, the SecOps Response Service deals with known vulnerabilities and does not have an integration with zero-day or emerging-threat intelligence, though that is likely to change in the future.

"We have been talking to threat intelligence vendors about that part of the market, but we're not launching any capabilities for that just yet," Cramer said. "You'll see that in a release in the not too distant future."

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.