Last updated at Thu, 19 Apr 2018 18:00:00 GMT
Your vulnerability scanner embarks on its weekly scan. The report comes in, you fire it off to your IT team across the country and...silence. Thinking they’re on it, you go on with your day, until next week’s scan report comes in and you find out that not everything was fixed and issues have progressed.
For companies with distributed offices, it can be tricky to communicate issues to teammates you have limited facetime with, get things done quickly when time zones are in conflict, and develop an effective workflow amid these challenges. If there is no centralized way of reporting, tracking, and remediating vulnerabilities, getting your teams to work together to remediate issues fast is a near impossibility.
The good news is, there are four straightforward ways in which you can restructure the vulnerability remediation process so that issues can be dealt with faster and more effectively.
1. Assign ownership for different systems
Modern networks are no longer composed of just servers and desktops. You now have to contend with remote workers, cloud and virtualization, and mobile devices. With more assets come more owners, and if your company operates across multiple offices, ownership is often spread out, not centralized. This can add a great deal of complexity to the vulnerability management process because you need to know not only who is responsible for which assets, but also how to communicate with them about a critical vulnerability.
One way to fix this would be to develop a spreadsheet listing out all of your assets, who owns each, where they are located, and how to get in touch with them, but who has time to keep this list up to date? Chances are, not you.
A better option would be to systematize it. Using a platform like InsightVM, you can oversee all of your assets and assign ownership so that anytime a vulnerability impacts a particular asset, the owner is automatically in the loop. In practice, this means when a vulnerability scan is complete, you can report issues to the people who own the systems you need fixed. InsightVM integrates with popular ticketing systems like Jira and ServiceNow so that you can assign tasks to the people who are equipped to remediate them fast.
InsightVM creates a remediation project, which is a capsule for managing each vulnerability fix from start to finish. Not only can you assign tasks, you can also track and measure progress, all within the confines of the project. Yes, that means no more tediously managing projects in spreadsheets, emailing back and forth, or Slacking to move projects along.
2. Understand each location’s remediation challenges
Every location has different resources that can impact how quickly and effectively it can remediate issues. For example, you may have four corporate locations with full IT teams and another three dozen field offices that have just a single IT administrator. Understanding the relative IT maturity of each location and its remediation capabilities can help you better prioritize remediation and ensure issues get fixed in time.
This way, when issues come in, you can strategically assign them to the teams most capable of addressing them. Having a system like InsightVM in place can help you identify which teams are best equipped to fix different vulnerabilities. For example, if a major vulnerability is discovered within your AWS account, and you can see that the New York City office has the most IT staff with AWS access, you’ll know they’re the best office to assign the vuln to. No extraneous confusion.
3. Help your IT team prioritize vulnerabilities accurately
IT teams are often inundated with a variety of requests and tickets each day, some of which are security related, others product or infrastructure related. If the security team doesn’t have the benefit of facetime to talk with IT about priorities, it’s hard for IT to determine how severe an issue is. Both teams share the goal of fixing high-priority issues fast, so what’s needed is a better way for them to collaborate and share information.
This can be done by integrating the remediation process into IT’s existing workflow, allowing security to systematize how they communicate vulnerability details and priorities so that IT can view issues in context and address them appropriately. With InsightVM, for example, not only can you integrate with IT systems like Jira and ServiceNow, but you can also submit useful information from your vuln scan and set an expiration date for a static remediation project or create a dynamic project, depending on the type of vulnerability.
Static projects are most appropriate for a set list of vulnerabilities that need to be fixed, such as this month’s Patch Tuesday updates, whereas dynamic projects are useful for categories of vulnerabilities that need to be fixed quickly and regularly, such as all exploitable vulnerabilities discovered on production systems. Expiration dates give your IT team a clear view of what needs to be fixed and when, so there is no question about priorities.
4. Create metrics and measure how efficient offices are at remediation
Having the ability to track remediation every step of the way sheds light on an otherwise murky process involving multiple offices, system owners, and technologies. Data can help you proactively identify when teams are falling behind on deadlines so you can get them the appropriate help and information to move forward.
Within InsightVM, you can view remediation progress over time, see which projects are on track or behind, and which teams are more efficient at addressing vulnerabilities. You can also create remediation dashboards filtered by location to understand where your most critical projects are lagging, and which teams are most effective.
This information is useful when fixes that could compromise your organization’s security are falling behind, so that you can get in touch with the appropriate team members and find out how you can help them reach the finish line.
End-to-end remediation workflows leave no vulnerability behind
Your worst fear is a major vulnerability slipping through the cracks and leading to a major disaster. Unfortunately, episodes like this have already been the cause of many of today’s leading attacks and exploits because companies with distributed teams lacked visibility and ownership over the remediation process.
Purpose-built to address every team’s worst nightmare, InsightVM helps get the right information to the right people, so you never lose sight of high-priority vulns and always know where a fix stands.