Learn how to build an internet operations management program

Internet operations management (IOM) refers to the technology components involved in creating a security program to automatically track all known and unknown internet-facing assets belonging to an organization's network, prioritizing them for remediation and automatically deploying playbooks to remediate critical vulnerabilities in their network.

It is the combination of automated public asset discovery and automated remediation commonly employed by a security operations center (SOC) to accurately inventory an organization’s global internet-facing assets and resource their remediation using automation and analysts.

Why Is Internet Operations Management Important?

IOM is critical because it combines two key components of security operations management: discovery and remediation. It helps organizations manage their internet-connected assets, discover shadow IT and unknown exposures, and automatically remediate them to improve key operational metrics that every SOC is concerned about – mean time to discovery (MTTD) and mean time to remediation (MTTR).

By combining two critical operational management functions, an organization's SOC can deploy its security technology and limited SOC analyst resources toward more strategic initiatives.

How Do You Build an Internet Operations Management Program?

Any good internet operations management program needs to combine an attack surface management (ASM) technology with a security orchestration, automation and response (SOAR) technology.

• ASM platform: An attack surface management (ASM) platform provides a complete and accurate inventory of an organization’s global internet-facing assets and network misconfigurations to continuously discover, evaluate and mitigate an external attack surface, evaluate supplier risk or assess the security of M&A targets.
• SOAR platform: SOAR platforms are an aggregation of security tools that help collect and analyze data from a variety of security infrastructures. SOAR solutions use a combination of humans and supervised-machine-learning models to perform a variety of security operations.

Why Is IOM Important for Governments?

Hostile nation-states and other bad actors relentlessly probe the internet and networks of federal, state and local governments to find vulnerabilities to exploit. Internet operations management empowers government organizations to remediate vulnerable assets before malicious actors get to them.

An IOM program can help governments with:

• Continuous IT asset discovery and monitoring: In a highly federated and constantly evolving network environment, a complete and up-to-date inventory of assets is crucial to ensuring security.
• Shared governance across multitier networks: Security teams, contractors and subcontractors work jointly to prevent weak links; meet risk management objectives based on continuous monitoring of tiered multilevel operations.

IOM as defined by Senate bill

"As noted in last year's report, CISA's ability to discover and guide remediation of critical vulnerabilities across federal civilian executive branch agencies is hindered by limited situational awareness that is overly dependent on manual self-reporting and persistent visibility gaps across federal civilian internet-accessible cyber terrain. To effectively become the operational lead for federal civilian cybersecurity, CISA is directed to continue adopting processes and state-of-the-art technology similar to those used by DoD for its Internet Operations Management.

[House Report 117-396, From the U.S. Government Publishing Office]

The United States government has issued a recommendation to government institutions to build a robust internet operations management program to improve the operations management of their security operations center (SOC) to be able to discover and guide remediation of critical vulnerabilities across federal civilian executive branch agencies.

Want to learn more about internet operations management? Please visit this page.