In today's Whiteboard Wednesday, Bill Bradley, Product Marketing Manager at Rapid7, will discuss the topic, "How to Save 140 Hours a Month on Vulnerability Management".
The truth is that most security teams are overworked and under staffed, making it very tough for a team to follow through with their vulnerability management programs on a monthly basis. Chances are, you feel the same pain in your day job.
Watch this video to learn how you can take advantage of some of the great technology out there that can cut the time you spend on vulnerability management down significantly and allow you to focus on the highest priority risk in your environment.
Read Video Transcript
Hi. Bill Bradley with the Rapid7 Product Marketing Team for today’s White Board Wednesday. We are going to talk about how you can help your organization save 140 hours of your vulnerability management program on a monthly basis. We are going to walk thru a couple scenarios here.
First, today as it is in many organizations what the timeline is to go thru a traditional scan cycle. Then we are going to counter that with an example a couple best practices in the vulnerability management space that can help you save both time and money for your team.
We are going to start with the midsize organizations. Say they have about 6000 IP addresses out there. You perform your vulnerabilities scan, not uncommon to see 2,000 vulnerabilities. From there using a high low scoring approach across the industry you may see 400 high priority vulnerabilities out there. Still a large task to handle. Looking at maybe 5 minutes to do the investigation and then 20 minutes for the remediation. So 25 minutes for each one of those times 400 gets you 166 hours to go thru that full vulnerability assessment and remediation process. Commonly an IT professional may have $50.00 per hour labor rate taking that hourly times $50 get you about $8,000 in operational expense that the organization must bear on a monthly basis to perform this vulnerability management.
Let’s counter that with the example that uses the same beginning points but adds a few different best practices into vulnerability management program that can help significantly reduce the time and money here. So again 6,000 IP’s, 2,000 vulnerabilities, we’ll stay with that 400 high priority vulnerabilities. Let’s look at a more granular scoring approach that just that high, medium, low that takes other aspects into account. Take that 400. May knock it down and get 200 vulnerabilities there. Still a large task for many organizations to thru and remediate those 200. So what do you do next?
There are options such as a penetration testing and a vulnerability validation tool that can look at those 200 and see out in the market place what type of exploits, what type of malware, what type of kits are out there that people can buy or download to attack your organization. Using a tool like that you can take that 200 and you can bring it down to 65 vulnerabilities out there. A far more manageable task for your organization.
From there, using that same approximately 25 minute scan cycle, looking at about 26 hours to do that level of work there. So three days versus the multiple weeks in the other example. From a cost perspective, 26 hours again at that same $50 rate is $1300 in operational expense for your organization. So, you’re looking at 140 hours saved, $5700 saved for your team. As well as get yourself a more secure organization by having a shorter cycle and a shorter time line that those vulnerabilities exist on your network.
So to recap a couple tools that can be used such as better prioritization and vulnerability validation to help save time money for your organization. Thank you for joining us at White Board Wednesday. We look forward to seeing you again next week.