This is a follow-up to my previous post, How to Use InsightVM’s Goals & SLAs Feature to Define Important Metrics and Optimize Your Security Operations.
Timely and effective remediation of security threats and vulnerabilities in your operating environment requires close collaboration between your IT and security teams. However, ensuring top priorities are handled punctually and enforcing accountability can sometimes be challenging. Many organizations outline service-level agreements (SLAs) for remediation in their vulnerability management policies, such as “All critical vulnerabilities must be remediated within seven days of discovery.” Do you have the right metrics and tools in place to make sure your teams are keeping up with these requirements?
Most frequently, security teams at many organizations export vulnerabilities and related assets into spreadsheets or reports and email them to the IT teams for remediation. However, after the transfer of this information, there is no easy way to track whether the IT teams have remediated the risks within the agreed-upon timeframe. Having this important metric and trends over time not only allows you to keep teams and individuals accountable, but also helps your organization properly prioritize its limited resources for the most important tasks. Additionally, most IT teams automate their regular updates and frequently assume all security vulnerabilities are being remediated with that process. Being able to identify the outliers that are missed allows security teams to notify IT teams only of the items that were not remediated, making their data more actionable and relevant to the recipients.
Rapid7 makes it easy for you to set up and track such SLAs in InsightVM. You can create multiple SLAs based on your organization’s infrastructure (e.g., asset groups, networks, etc.) and vulnerability categories. As soon as the risky assets are identified or scoped vulnerabilities are discovered, clocks start ticking and those assets and vulnerabilities are tracked until they are remediated. On a given day, this allows you to see what percentage of your assets or vulnerabilities are remediated, still within grace period or past due. You can then drill into the SLA to browse the list of those assets and vulnerabilities with the option of exporting to a CSV file.
In addition, InsightVM makes it easy for you to build dashboards with your Goals and SLAs so that you can see all your key performance indicators in one place. This greatly simplifies creating reports and presentations for senior leadership with the most essential metrics showing the effectiveness of your organization’s security program.
After you define your SLAs in InsightVM, you can also create remediation projects and assign tickets to your IT teams directly from the details page for vulnerability-based SLAs, further simplifying the remediation efforts. If this sounds interesting, I recommend you to read our recent blog post on remediation projects.
As security breaches become more common and more impactful, using an effective modern vulnerability management approach is more important than ever before. We believe the top priority for your VM solution is to enable you to analyze, prioritize, and remediate security risks smoothly so that you can achieve the best security outcomes possible.