Silver SSVM Case Study
Introduction
Secutor’s Signature Vulnerability Management (SSVM) system provides a means to leverage best practice guidance and information to improve Threat & Vulnerability Management. Secutor spends the time necessary to understand our client’s cybersecurity environment, framework, and controls.
We perform a deep dive on our client’s ability to discover assets, perform vulnerability scans on them, and report to application teams, and on how effectively the organization remediates vulnerabilities. In essence, we evaluate the performance of our client’s cybersecurity program.
We discussed robust security practices with our client’s information security team. We performed a gap analysis of the actual security controls we found against the security controls that the client believed were in place. Where practical, we performed technical assessments of those controls to determine whether the controls were operating at peak effectiveness. Our processes included performing detailed reviews of firewall rules, intrusion detection signatures, and the setup and configuration of these cybersecurity solutions, particularly those associated with Threat & Vulnerability Management. One practice that is usually missed is including Threat Intelligence information in the organization’s vulnerability classification process; omitting it gives an incomplete view of risk and vulnerability prioritization.
Secutor uses threat intelligence information to enhance the effectiveness of the SSVM process. Threat intelligence feeds provide us with an understanding of which vulnerabilities are not only classified as critical in a VM solution, but are actually being exploited in the wild. That information helps us paint a true picture of organizational risk. We find that threat intelligence data is absolutely paramount and necessary in a modern Threat & Vulnerability Management program.
We make extensive use of solutions provided by Qualys. Qualys is one of the original pioneers of SaaS-based VM solutions. We use Qualys to assess our client’s Vulnerability Management programs. We believe that it is critical that organizations be able to identify vulnerabilities in a timely manner so that they can be addressed. That process begins and ends with IT asset discovery, vulnerability scanning, report distribution, vulnerability mitigation and remediation techniques, and informing information security leadership about metrics that tell us if the program is successful or not.
Vulnerability Management is hard, but it doesn’t have to be impossible. We help our clients understand how to build effective Threat & Vulnerability Management programs by focusing on best practices and education. Our programs help clients maintain a more accurate IT asset inventory, and scan and remediate more effectively. In some cases, the issue isn’t VM, but controls in the IT environment that aren’t keeping pace with the vulnerabilities identified. In those cases, we help educate IT on how to more effectively handle processes such as patch management, change control, and even desktop and server images. Your VM processes need to adapt in order to effectively deal with the thousands of new vulnerabilities introduced each year.
SSVM, by its very nature, is an effective Vulnerability Management Program. We’ve designed the “gold” standard of TVM programs and assess our client’s programs against SSVM.
Situation
One of the largest public transit authorities in the United States, serving almost 6 million people with nearly 5000 employees, has a very large legacy network with sporadic documentation that the new IT Security Manager needed to get under control so that he could modernize their cybersecurity protections. He chose QualysGuard to obtain the visibility needed to rapidly reach his goals. But he quickly discovered that despite how easy Qualys is to manage and maintain, his team didn’t have the required skills to get Qualys deployed on time and in the most optimal configuration for his needs. They had accomplished a partial deployment but weren’t using Qualys to its full potential.
Challenges
Secutor performed a gap assessment with SSVM, analyzed the results, and identified a wide range of issues, including:
- They didn’t have the information needed from the networking team to scan all available IPs
- Vulnerability scans weren’t properly scheduled with a standardized Option Profile
- Reports and metrics weren’t standardized, and they were using individual scan results rather than the powerful “Host Based” database
- Authentication wasn’t enabled, so the vulnerability scan results were limited and they weren’t taking advantage of QualysGuard’s built-in “Agent-less Host Tracking” features
- They were struggling with assigning vulnerabilities to individuals and teams for remediation
- Lack of defined metrics and KPIs to track progress
- Lack of effective communication between the network, IT, and security teams
Services Provided
Secutor cybersecurity experts, in conjunction with IT Security, collaborated to perform:
- Security Control Gap Analysis – Obtained approved security policies and procedures so that we could assess against best practices and determine where controls were deficient
- Network Security Analysis – Reviewed subnet information provided by the networking team to determine the optimal scanning coverage and schedule; determined if IT asset inventory was complete or lacking.
- TVM enhancements – Designed and implemented new processes and procedures around Qualys VM. We helped automate multiple routine vulnerability tasks, such as remediation ticket opening, to reduce the burden on IT personnel. Our process also included reviewing existing vulnerability scans so we could optimize scan coverage, scan windows, and, most importantly, the prioritization of vulnerabilities.
- Program Metrics and Vulnerability Prioritization – We worked with our customer to select relevant and repeatable metrics. Where possible, we spent the time and effort necessary to automate information gathering, metric collection and communication. The goal was to provide our client with the ability to measure TVM program success.
- Governance, Risk, and Compliance (GRC) – We collaborated with our client to reflect their new Vulnerability Management processes and procedures in their policies and standard operating procedures (SOPs). We also tweaked and enhanced the client’s Remediation policies and procedures.
- Education and Best Practice Training – During the engagement, we took numerous opportunities to guide our client on TVM and remediation best practices and procedures, making the new systems and processes more likely to “stick” once we were no longer onsite.
Summary
Secutor SSVM:
- Helped our client assess their network by identifying 3,000,000 internal IP addresses, answering the question: “Is my IT Asset inventory complete or am I missing assets?”
- Assisted our client in updating their IT asset and software inventory of 7,000 networked devices. We also helped establish repeatable processes to continue to identify what assets our client needs to protect.
- Put specific time and attention on a smaller number of assets (150 assets out of 72,000). Our process helped our client deal with vulnerability prioritization more effectively so that they could demonstrate our vulnerability remediation prioritization process and demonstrate “wins”.
- Documented security program and architectural improvements, effectively helping our client establish one way, the right way, of running a TVM program.