Last updated at Wed, 15 May 2019 13:03:05 GMT
In a recent episode of Whiteboard Wednesday, we dive into how security orchestration, automation, and response (SOAR) is changing traditional vulnerability management. We discuss the changes in process and how you can save time and resources with automation.
In this post, you’ll learn how your organization’s vulnerability management program stands to improve by implementing SOAR.
Current state: Today’s standard vulnerability management process
Vulnerability management is a hot topic today in security, with new vulnerabilities being disclosed at an uncomfortable rate and leaving companies scrambling to keep up. The first piece of effective vulnerability management is gaining visibility into your environment. In complex and modern environments, this can be quite the task, as environments are constantly changing and are spread out across cloud, on-premises, and remote systems. Tools like InsightVM can help you gain visibility into every inch of your environment. Since there are often more vulnerabilities than time in the day to remediate, you need to get strategic.
This is where prioritization comes in. Because you have finite resources and time, you need to focus on fixing the things that attackers are most likely to take advantage of. This will ensure your valuable resources have the most impact on the overall risk of your organization.
Once the risks are prioritized, the next step is to put them into a report for IT. Usually, the process goes a little like this: IT receives the report, then sends it back to security with a cumbersome set of questions. Then, security pushes it back over and if they’re lucky, a few vulnerabilities actually get patched. Not only can this process result in resentment on both sides, but it introduces the possibility that some critical vulnerabilities just won’t get patched, either due to a lack of good communication or having no way to prioritize them against other important IT tasks.
After years of frustration with this process, security teams realized there had to be a better way. This brings us to security orchestration, automation, and response (SOAR).
How SOAR can disrupt the traditional vulnerability management process
The pain points we see security teams face with the traditional vulnerability management process can be straightened out by leveraging the power of SOAR. The initial phases of gaining visibility and prioritizing risks remain the same regardless, but when it comes to collaborating with IT and remediating risks by patching, SOAR can become an incredible asset.
Automation and orchestration can be leveraged in a few ways to help remediate vulnerabilities. The first is by integrating your vulnerability management solution with the IT team’s ticketing system, such as Jira or ServiceNow. This way, both IT and security can continue with the same workflows, processes, and tools they are used to. As a result (and sometimes even unknowingly) the two teams begin to collaborate seamlessly, helping to accelerate the vulnerability management process and make it more accurate.
Automation and orchestration can also assist in patching through a process called Automation-Assisted Patching (fitting, right?). By integrating with common tools like IBM BigFix or Microsoft SCCM, SOAR can help move along the patching process and make it more efficient and accurate. When it comes to patching, automation will never completely remove humans from the picture, as there will always be key decision points along the way. However, the repetitive and monotonous tasks that occur between these pivotal points can be accelerated by Automation-Assisted Patching so that teams can get straight to the decisions and move on.
The final step is to validate that patches were in fact completed and that the vulnerability has been completely eradicated. InsightVM helps teams implement an accelerated patching remediation process by leveraging the power of SOAR. Learn more with a free trial of InsightVM today.