New Vulnerability Announced. Now What?

Posted by Miguel De Los Santos on Feb 14, 2018


Imagine this scenario: It's Monday morning. As far as Mondays go, this looks to be a relatively light day. No changes were made over the weekend, so you do not anticipate any fires to put out. All you have to focus on are a couple of meetings later this morning. Before those meetings begin, you check your favorite tech outlet (we recommend Cygilant Daily Security Briefing) and realize that a major vendor has announced a critical vulnerability. This vulnerability could potentially be on every node across your network. One executive finds out about this issue shortly after. He or she now needs to know where the company stands.


Your Reaction – “What do I do?”

To identify the impact on the environment, you need to find which devices the vulnerability affects. You can find this out by looking at a vulnerability scan report. Before you check that report, do you know if there has been a scan since the vendor’s announcement? If not, can you run one ASAP? Next, you will need to determine if the vulnerability is potentially patchable. You will also need a detailed breakdown of which devices are affected.

All this information is vital when determining which actions to take. Do you have a way to find this information? How many different places do you have to go back and forth between before you understand the impact? A single place where you can log in and view all this data can greatly reduce the dwell time and allow you to mitigate this threat in the most efficient way possible.
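The triage questions above can be answered mechanically from a scan export. The sketch below is an added example, not code from Cygilant or the SOCVue Platform; the record layout, host names, announcement time and the `CVE-XXXX-NNNN` placeholder are all constructed assumptions.

```python
from datetime import datetime, timezone

# Placeholder identifier: the page names no specific vulnerability.
CVE_ID = "CVE-XXXX-NNNN"
# Constructed announcement time for the Monday-morning scenario.
ANNOUNCED = datetime(2018, 2, 12, 6, 0, tzinfo=timezone.utc)

# Constructed scan export: one record per host (hypothetical layout).
SCAN_RECORDS = [
    {"host": "web01", "last_scan": "2018-02-12T07:30:00+00:00",
     "findings": [{"cve": CVE_ID, "patch_available": True}]},
    {"host": "db01", "last_scan": "2018-02-12T07:45:00+00:00",
     "findings": [{"cve": CVE_ID, "patch_available": False}]},
    {"host": "app01", "last_scan": "2018-02-12T08:00:00+00:00", "findings": []},
    {"host": "hr-laptop", "last_scan": "2018-02-09T22:00:00+00:00", "findings": []},
    {"host": "printer7", "last_scan": None, "findings": []},
]

def triage(records, cve_id, announced):
    """Sort hosts into buckets matching the triage questions in the text."""
    buckets = {"patch_now": [], "mitigate_and_monitor": [],
               "no_finding": [], "rescan_needed": []}
    for rec in records:
        scanned = rec["last_scan"] and datetime.fromisoformat(rec["last_scan"])
        hits = [f for f in rec["findings"] if f["cve"] == cve_id]
        if hits:
            # A positive finding stands; split on whether a patch exists.
            patchable = all(f["patch_available"] for f in hits)
            key = "patch_now" if patchable else "mitigate_and_monitor"
        elif not scanned or scanned < announced:
            # A clean result from before the announcement (or no scan at all)
            # says nothing about this vulnerability: the host is unknown.
            key = "rescan_needed"
        else:
            key = "no_finding"
        buckets[key].append(rec["host"])
    return buckets

if __name__ == "__main__":
    for bucket, hosts in triage(SCAN_RECORDS, CVE_ID, ANNOUNCED).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The `rescan_needed` bucket is the one most often missed: a host with no finding and a stale scan is unknown, not clean.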

Cygilant’s Reaction

First and foremost, this task is not something you have to undergo alone. Cygilant’s 24x7x365 Security Operations Center (SOC) will be there to assist you. When you come in on Monday morning, contact our SOC team and ask them, “Where in my environment does this vulnerability exist?” Our SOC will guide you by investigating the data within our SOCVue Platform and can kick off any necessary vulnerability scans on demand. The SOCVue Platform will show you which devices are affected and how to remediate them.

Now that you know where the problem lies, how do you find the best course of action for your company? Are there devices that need to be fixed now, or can they wait? Our SOCVue Platform combines Security Monitoring, Vulnerability Management, and Patch Management for visibility that becomes proactive, providing prioritized courses of action to follow. If there is a patch available, our Patch and Vulnerability Management solutions are integrated, which allows you to easily apply the patches that are relevant to each vulnerability. If you need to wait for a change window before you can remediate the vulnerability, our team will write alerts for you, so you will be notified right away if there is an indicator of compromise. This can give you a methodical process to help you sleep at night and be prepared at a moment’s notice. So, when that executive asks, “Where do we stand?” you will have a plan of action.

