Introduction
Secutor’s Signature Vulnerability Management (SSVM) system is a unique approach to Vulnerability Management. Secutor learns and assesses the security components that make up the security architecture of our client’s network.
We review technical information about existing security components like firewalls, intrusion detection and prevention, malware analysis, and especially existing Vulnerability Management and Threat Detection processes, procedures, and even people capabilities. Our process includes understanding security strategies and how they filter down into practice throughout the entire security architecture.
Secutor uses VM tools and technologies that integrate threat intelligence feeds so that our clients understand threats and vulnerabilities from a true risk perspective instead of relying on vulnerability ratings alone. Not all assets are created equal. They have different importance and business value to the organization. A server that stores personally identifiable information (PII) is worth more to the business, and therefore to cybercriminals, than, say, a purely informational marketing website.
We make extensive use of a VM solution from Qualys, a leader and award-winning provider of network security, application assessment, and compliance tools. Our Vulnerability Management philosophy places emphasis on using network security architecture combined with (where applicable and where the engagement includes it) threat detection solutions like RedSeal. Qualys VM identifies IT assets with critical attack vectors and prioritizes vulnerability remediation.
We help our clients identify assets and reduce the confusion they invariably have around vulnerability remediation. With the tens or hundreds of thousands of vulnerabilities our clients detect, they usually need assistance to build a robust and effective vulnerability management program to reduce their risk.
SSVM combines best practice techniques found in Vulnerability Management and also takes a hard look at IT processes (usually as defined by ITIL) such as change management, incident management, “gold” standards or hardening procedures, and desktop management.
Situation
A leading provider of enterprise-scale robotic process automation with development teams and customers around the globe had cybersecurity as a top concern for the executive management. They were nearing the completion of two massive projects, a migration into the Azure cloud and HITRUST certification, and their CTO wanted an independent review of their network security architecture and to have their Qualys deployment optimized.
Challenges
Secutor reviewed and rapidly identified their most pressing challenges, which included:
- QualysGuard, which was set up many years ago, was not providing full product value or the information needed to protect their company and customers
- Reports and metrics had not been standardized, and they were using individual scan results rather than the more powerful “Host Based” database
- Authentication was not enabled, so the vulnerability scan results were limited and they were not taking advantage of Qualys’ built-in “Agent-less Host Tracking” features
- They were critically short-handed on staff with the time and knowledge to implement a Vulnerability Management program
- Only the most critical systems were being scanned, leaving out significant elements of the network where malicious activity could take hold for further invasion into the enterprise’s infrastructure
- Lack of metrics and KPIs to track progress
Services Provided
Secutor Cybersecurity experts collaborated with the customer’s IT Security team to provide the following services:
1. Extensive Security Architecture Gap Analysis
Reviewed the company’s existing security architecture via staff interviews as well as key information security policies. We reviewed important security processes and security procedures to security architecture enhancements.
2. Network Security Architecture Audit
Analyzed all ingress and egress paths that were controlled by the company’s network infrastructure. The goal was to understand and protect the organization’s data from all potential threat vectors.
3. Vulnerability Management Program
Reviewed existing processes around the current implementation of Qualys. Made best practice recommendations that we helped the client implement so that vulnerability scans were properly scheduled and executed. Reports were automated in such a fashion as to improve time to remediation and time to repair.
4. Prioritization of Vulnerability Remediation
We integrated Qualys scans with the client’s IT management infrastructure in such a way that the client had more actionable vulnerability information than they had before and could make great progress toward closing vulnerability-related tickets. The result was that their VM program gave attention to the highest priority vulnerabilities: those with higher risk because there were threats in the wild.
5. Reporting of Metrics
We assessed the client’s existing metrics and identified additional key metrics the client should employ and track. The metrics we suggested were ones that we felt provided more impact and gave the client the ability to further buy down or avoid risk. We automated the metrics in such a way that the CTO and his team could access continuously updated data.
6. Governance, Risk, Compliance
Our assessment of the client’s Threat & Vulnerability management program helped us improve their VM processes and procedures. It also resulted in training opportunities where we could better enable staff to operate the company’s TVM program. We also helped the client draft their Vulnerability Remediation policies and procedures.
7. Training
We conducted several knowledge transfer sessions to ensure a smooth transition of the new VM processes, as well as revised remediation procedures, to the customer’s staff.
Summary
Secutor helped this customer improve their security posture and significantly reduce risk by:
- Identifying each of the 5,000 devices on the client’s internal network, answering the questions: “Do I know what I need to include in my Vulnerability Management Program?” and “Am I reducing risk and making progress with my Vulnerability scanning and remediation activities?”
- Helping the customer update and maintain their IT asset and software inventory of 250 devices on the network, answering the question: “Does my VM program cover, include, or protect the right IT assets?”
- Focusing on 10 vulnerabilities of the highest severity out of 2,000 “high priority” vulnerabilities that Qualys identified, answering the question: “What should I fix first?”
- Making real progress to improve the customer’s security architecture and ability to identify and track vulnerabilities and improvements, helping to answer the question: “Does my Vulnerability Management program provide a return for the investments I’ve made?”
About Secutor
Secutor Cybersecurity is a trusted partner comprised of industry-leading experts in the fields of Cybersecurity and Governance, Risk and Compliance. We partner with our clients to deliver on-demand solutions tailored to expertly navigate the regulatory demands of their specific industries.
Our proven track record of successfully exceeding client expectations is achieved through the combination of our methodical approach, advanced technologies, subject matter experts, and synergy with client team members.
Secutor is your team of world-class problem solvers with vast expertise and experience delivering complete solutions keeping your organization protected, audit-ready, and running smoothly.