You might have heard of SecOps, DevOps, and DevSecOps. These terms all have the beginnings of a few words blended to form a new buzzword. Sec = Security, Dev = Development, and Ops = Operations.
So, what is CyOps? We know that “Ops” is short for “Operations.” “Cy” sounds like the beginning of “Cyber,” so probably “CyOps” means “Cyber Security” + “Operations.” However, that is exactly what most people use “SecOps” to indicate.
“CyOps” doesn’t mean anything. It isn’t in general usage in the IT industry. If it were once in contention to express the merging of security systems with IT operations tasks, it lost to “SecOps.”
That CyOps is not in general usage is borne out by international copyright law. You can’t copyright or trademark a term in public use when it is applied in its ordinary context. Thus, it isn’t possible to copyright the term “Information Technology” or register it as a trademark. However, taking that term out of its commonly understood bare context by adding a few words enables it to be trademarked, such as “Dallas Information Technology News.” Several IT companies have used CyOps as a brand, and that wouldn’t have been possible had the word established itself with a clearly defined meaning in general industry usage.
In search of CyOps
The CyOps brand name has been used three times:
- CyberSponse Orchestration Platform (CyOPs)
- Cynet Managed Detection and Response (CyOps)
- CyOps Cyber Security
CyberSponse is no more. Fortinet took it over in 2019. Its CyOPs package was a security orchestration, automation, and response (SOAR) platform. SOAR is a methodology that cyber security tools use to share information and pass on action requests. For example, a SIEM or an intrusion detection system (IDS) would use SOAR to gather activity data from firewalls, switches, routers, and access rights management tools. Those security systems then use SOAR again to block suspicious activities by communicating instructions back to those system management tools.
The Cynet CyOps service, based in Israel, and the CyOps Cyber Security consultancy in Belgium are still operating. These two businesses are based in different countries, which enabled them to register the same name. However, this will probably cause problems for Cynet if it tries to market its managed security operations team’s services in the Belgian media.
CyOps or SecOps?
All of the businesses that have used the name CyOps did so to express system security capabilities, strengthening the suspicion that CyOps means SecOps. As the IT industry uses SecOps to refer to tools that implement both system security measures and IT operations functions, it is better to look for SecOps tools rather than CyOps systems.
SecOps is worth investigating. The merger of security functions with system monitoring and management tools makes a lot of sense. For example, while a log manager is collecting, consolidating, and storing system log messages, the vendor of that type of product could easily add on the security services of a SIEM. So, systems that provide both log management and a SIEM are SecOps tools.
Another excellent example of SecOps in action lies with vulnerability managers linked to automated patch managers. One of the main system security weaknesses that vulnerability scanners look for is outdated software. Fixing those detected problems requires patching, so many vendors have packaged those two tools together – merging security and IT operations to make SecOps.
Security tools have to monitor systems to spot miscreants and misdemeanors, so merging system monitoring and security systems makes sense. This movement has already begun, and over the coming years, the convergence of operations and security tools will become the industry standard.
The concept of SOAR is a SecOps strategy because it enables separate tools, possibly developed by different providers, to exchange information and instructions so that operations tools can be exploited for security purposes.
The benefits of SecOps
The main benefits of the SecOps strategy can be expressed in three categories:
- Lower costs
- Faster detection
- Reduced errors
Although many of these benefits seem obvious, they are worth stating.
Cost savings come in three forms. First, by reusing operations reporting as inputs to security software or merging the two systems completely, software producers can reduce the coding and development needed to produce SecOps tools. Reusing the system monitoring tools as a security detection system speeds up production times and squeezes extra value out of the monitoring system’s development effort.
Thus, by combining monitoring systems intended for IT Operations teams and detection systems needed by security analysts, tool providers can offer better products at a lower price and get them to market faster.
The user gets better tools for monitoring and security operations at a better price. Also, having a unified SecOps tool removes the need to host two software packages, thus reducing the cost of server processing and space provision. The logs and reports produced by a unified tool take up less storage space than those produced by two systems, reducing server costs further.
A single tool for Operations and security requires a single team to manage it rather than two, so SecOps systems reduce staffing costs.
We have already seen that the SecOps concept speeds up tool development times. It also speeds up operations when in use. For example, SOAR is an excellent way to exchange security information between systems. However, no matter how quickly that data is shared, the process will always be slower than the reuse of data by the same system that generated it.
Having two teams running two related monitoring systems also creates delays because while the monitoring team might be alerted straight away by a system response issue, security tools often wait for other indicators that the performance problem was caused by malware or an intruder.
If a single team is tasked with watching performance and security, they would be aware of an issue caused by a security breach much sooner because they are also tracing performance issues.
Automated root cause analysis often kicks in when a performance problem arises. For example, if programmed to look for such events, that tool will identify a security breach at the heart of a system performance problem.
Systems that rely on manual data transfers through flat files or spreadsheets also create room for errors. Not all pertinent information would always be handed over because the people generating the output are unaware of which pieces of information could be critical to the receiving system. Files might be mislaid before uploading or loaded into the wrong directory by mistake.
Creating a closed-loop collective security and operations tool will always produce a better service than two separate systems.
CyOps and SecOps tools
To better understand what CyOps/SecOps does, it is a good idea to look at tools that implement the strategy. Several product categories have already been explained above. Here are some specific examples.
What should you look for in a SecOps tool?
We reviewed the market for SecOps systems and analyzed the options based on the following criteria:
- A security service that takes monitoring inputs either through SOAR or directly in the same package
- A system protection service that can issue instructions to other tools to shut down attacks
- A package that combines both monitoring services and threat detection
- Systems that operate on endpoints and networks and can be coordinated by a central server
- An automated tool that includes an alerting mechanism so that technicians don’t have to watch the console all the time
- A package that can be set up with playbooks to trigger response actions
- A reliable service that reviews suggest works to shut down attacks quickly
Using this set of criteria, we looked for a list of SecOps packages that show how CyOps strategies can save time and money.
Here is our list of the six best examples of CyOps tools.
- SolarWinds Network Configuration Manager (FREE TRIAL) This IT Operations tool has added security benefits. The tool helps you standardize the settings of your network equipment. It also stores an image of the ideal setup, enabling you to configure new devices instantly on installation. In addition, the package monitors network devices constantly, and if the settings get changed, it automatically restores the authorized configuration. This confounds the strategy of hackers who can weaken the defense mechanisms of network devices by altering their environments. This tool runs on Windows Server. Start a 30-day free trial.
- SolarWinds Security Event Manager (FREE TRIAL) This on-premises service can gather all of the log messages that the many software and hardware assets on your system generate. The tool consolidates the disparate formats of these messages to put them into a standard layout. It then files them. The Security Event Manager creates a meaningful directory structure for the log files and rotates files. Stored files can be accessed for event analysis within the package’s dashboard. In addition, the tool protects log files from tampering, which confounds attempts by hackers to cover their tracks. On top of those functional IT Operations tasks, the bundle includes an entire SIEM system for security breach detection. This software installs on Windows Server. Start with a 30-day free trial.
- Fortinet FortiSOAR This system is the CyberSponse Orchestration Platform that carried the CyOPs brand before Fortinet bought the company. The SOAR system exploits the capabilities of tools that you already have on your site. It acts as a hub that receives system activity information from other tools, identifies security or performance issues, and draws attention to them. Through playbooks, which can be customized, the FortiSOAR package then sends out instructions to other products with which it integrates to improve performance or shut down attacks. Fortinet produces a range of security products, and FortiSOAR is an excellent choice to coordinate their activities. However, the system can also coordinate third-party monitoring and security tools. This system runs as a virtual appliance on-site over VMware or on the Cloud as an AWS service.
- Cynet CyOps This technical team manages the Cynet extended detection and response platform. This is a Cloud platform, which is included in this list because it uses the CyOps name. However, the service’s main aim is security alone and not IT Operations. Thus, this can’t be counted as a SecOps system. For example, they won’t alert you if your network is running slow or reroute traffic around overloaded switches; they are only concerned with spotting malware and manual threats.
- Rapid7 InsightVM The Insight system is a cloud platform that offers a range of security tools. They slot together and gather information through a single on-device agent if you subscribe to several. The InsightVM is mainly a SecOps tool because it implements vulnerability scanning and an automated patch manager. So, it spots security issues and then crosses into the realm of IT Operations to fix them. The InsightVM system will also recommend system settings changes to tighten up security.
- Files.com This is a cloud service that manages file transfers. The system also supports file sharing and can hold files created in productivity suites, such as Microsoft 365 and Google G-Suite. This system helps IT operations because it reduces file duplication, thus saving space and removing the chaos that can arise from different versions of a document getting into circulation. In addition, the service improves security by imposing encryption on files both at rest and in motion. The package also facilitates business continuity because it includes a syncing and backup service that makes files available even if their original host is damaged or original copies are compromised by ransomware.