A poll conducted during our recent webinar revealed that the single biggest problem security practice managers and CISOs see in their environment is the inability to accelerate remediation to prevent a successful attack campaign. In fact, 63% of those polled stated that they “don’t know how to prioritize the right activities for remediating threats.”
During the webinar, cybersecurity experts Paul Caiazzo of Avertium and Sanjay Raja of Digital Defense discussed several best practices that can help CISOs accelerate remediation through better visibility and associated context:
- Scan for vulnerabilities at a frequency that aligns with your organization’s ability to remediate.
  - Problems arise when organizations scan too frequently or not frequently enough. Scanning more often than the organization can remediate is wasted effort: it produces findings nobody has capacity to act on. However, new vulnerabilities are disclosed every day, so infrequent scans leave the organization exposed. It’s a delicate balance.
- Do not overwhelm your staff with remediation task lists that are not prioritized against your specific environment.
  - Prioritizing the scanning and patching of assets ties closely to an understanding of asset criticality. Not all devices are critical, nor do they all require the same time frame for scanning and patching. An organization’s vulnerability management (VM) strategy needs to ensure critical assets are identified and prioritized correctly.
- Develop different scanning profiles based on real-time threat intelligence.
  - Developing different scanning profiles based on the most important assets, potential risk, and risk tolerance optimizes the overall VM program. For example, assets associated with a sales order entry solution may be scanned more frequently than those associated with a small field office. This lets security teams address weaknesses on the most critical assets first, based on a combination of business context and active threat intelligence.
  - Scanning without a strategy overwhelms staff with remediation task lists that have no structure and no end in sight. False positives also inflate alerts and task lists, by as much as 20%. Modern VM platforms isolate these false positives, reducing the workload.
- Focus on the right metrics, customized to your risk tolerance and critical assets.
  - Finally, it’s crucial to focus on the right metrics. Caiazzo of Avertium states that while many CISOs focus on driving down the raw count of vulnerabilities, the better metrics are mean time to remediation and dwell time. The CISO should track these over time and work to reduce them; as they fall, the organization can increase its scanning frequency along with its remediation throughput, a key measure of operational maturity for a security practice.
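As an added example, not code from the webinar, from Avertium or from Digital Defense, the following Python sketches the three practices above in one place: ranking open findings by a score that combines severity, asset criticality and threat intelligence (so a medium-CVSS flaw on an exploited, business-critical asset outranks a critical-CVSS flaw on a field-office printer), deriving a scan interval from the remediation backlog and daily remediation capacity, and computing mean time to remediation and per-finding dwell time. The asset tiers, the `ACTIVELY_EXPLOITED` set, the `VULN-00x` identifiers and the timestamps are all constructed for the example; the scoring weights and the interval clamp are assumptions a real program would tune to its own risk tolerance.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set


@dataclass
class Finding:
    asset: str
    cve: str               # constructed placeholder identifier, not a real CVE
    cvss: float
    detected: datetime
    remediated: Optional[datetime] = None

    @property
    def is_open(self) -> bool:
        return self.remediated is None


# Hypothetical asset-criticality tiers (3 = revenue-critical, 1 = low value).
ASSET_CRITICALITY: Dict[str, int] = {
    "order-entry-db": 3,
    "order-entry-web": 3,
    "field-office-printer": 1,
}

# Hypothetical threat-intelligence feed: identifiers seen exploited in the wild.
ACTIVELY_EXPLOITED: Set[str] = {"VULN-004"}

# Constructed sample scan results: two remediated, two still open.
NOW = datetime(2021, 6, 1)
SAMPLE_FINDINGS: List[Finding] = [
    Finding("order-entry-db", "VULN-001", 9.8, datetime(2021, 5, 20), datetime(2021, 5, 22)),
    Finding("order-entry-web", "VULN-002", 7.5, datetime(2021, 5, 1), datetime(2021, 5, 11)),
    Finding("field-office-printer", "VULN-003", 9.0, datetime(2021, 5, 25)),
    Finding("order-entry-web", "VULN-004", 5.0, datetime(2021, 5, 28)),
]


def priority_score(f: Finding, criticality: Dict[str, int], exploited: Set[str]) -> float:
    """Severity weighted by business context, doubled when threat intel says it is exploited.
    Unknown assets default to the lowest tier rather than failing (assumed policy)."""
    score = f.cvss * criticality.get(f.asset, 1)
    if f.cve in exploited:
        score *= 2
    return score


def prioritize(findings: List[Finding], criticality: Dict[str, int], exploited: Set[str]) -> List[Finding]:
    """Open findings only, highest score first, so the task list has a defined front."""
    open_findings = [f for f in findings if f.is_open]
    return sorted(open_findings, key=lambda f: priority_score(f, criticality, exploited), reverse=True)


def recommended_scan_interval_days(open_backlog: int, capacity_per_day: float,
                                   floor_days: int = 1, ceiling_days: int = 30) -> int:
    """Scan no faster than the backlog can be cleared, but never less often than the ceiling,
    since new vulnerabilities are disclosed daily. Clamp values are assumptions."""
    if capacity_per_day <= 0:
        return ceiling_days
    days_to_clear = math.ceil(open_backlog / capacity_per_day)
    return max(floor_days, min(ceiling_days, days_to_clear))


def mean_time_to_remediate_days(findings: List[Finding]) -> Optional[float]:
    """Mean detected-to-remediated time over closed findings; None if nothing is closed yet."""
    durations = [(f.remediated - f.detected) for f in findings if not f.is_open]
    if not durations:
        return None
    total: timedelta = sum(durations, timedelta())
    return total.total_seconds() / 86400 / len(durations)


def open_dwell_days(findings: List[Finding], now: datetime) -> Dict[str, float]:
    """Dwell time here means how long each still-open finding has been exposed (assumed definition)."""
    return {f.cve: (now - f.detected).total_seconds() / 86400 for f in findings if f.is_open}


if __name__ == "__main__":
    ranked = prioritize(SAMPLE_FINDINGS, ASSET_CRITICALITY, ACTIVELY_EXPLOITED)
    for f in ranked:
        print(f"{f.cve} on {f.asset}: score {priority_score(f, ASSET_CRITICALITY, ACTIVELY_EXPLOITED):.1f}")
    print("scan every", recommended_scan_interval_days(len(ranked), capacity_per_day=1.0), "day(s)")
    print("MTTR (days):", mean_time_to_remediate_days(SAMPLE_FINDINGS))
    print("open dwell (days):", open_dwell_days(SAMPLE_FINDINGS, NOW))
```

With the constructed data, `VULN-004` (CVSS 5.0 on a tier-3 asset, actively exploited, score 30.0) ranks ahead of `VULN-003` (CVSS 9.0 on a tier-1 asset, score 9.0), which is the point of prioritizing against your own environment rather than by raw severity; MTTR over the two closed findings is 6.0 days, and the two open findings have dwelled 7 and 4 days.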
The Rise of Vulnerability Management as a Managed Service
Many IT service providers and internal IT security departments are finally looking beyond standalone vulnerability assessments (VA) toward vulnerability management (VM) as an integrated part of an overall security operations practice. Asset visibility and risk, combined with threat intelligence, are improving how security teams prioritize remediation actions. As customers look to improve scale and response time, they are turning to MSPs to add VM to their portfolio of security solutions, and just about every MSSP is looking to optimize with a mature and scalable VM solution.
* * * * *
About the Author:
Tommy Wald is President and CEO of RIATA Technologies, a cybersecurity and IT consulting services firm based in Austin, TX. He is also the author of The MSP CEO: A Guide to Building a Successful MSP Business, available on Amazon.
Tommy may be reached at [email protected], or via www.RiataTechnologies.com.
About Digital Defense
Our Frontline.Cloud SaaS platform supports Frontline Vulnerability Manager™, Frontline Web Application Scanning™, and Frontline Active Threat Sweep™ that together provide:
- Asset discovery and tracking
- OS and web application risk assessment
- Targeted malware threat assessment
- Machine learning features that leverage threat intelligence
- Agentless & agent-based scanning
- Penetration testing for networks, mobile applications, and web applications
- Compliance management. One of the world’s longest tenured PCI-Approved Scanning Vendors
The Frontline.Cloud platform virtually eliminates false positives associated with legacy vulnerability management solutions, while also automating the tracking of dynamic and transient assets and prioritizing results based on business criticality.