When a CISO or IT leader chooses to have a cybersecurity assessment done, that decision starts with recognizing that an existing internal process or program might not be fully effective or complete. That conclusion isn’t always easy. Internal teams don’t always know or communicate when a process is broken or failed, and leaders don’t always have the specialized expertise to spot trouble areas.
When either or both factors are in play, security assessments are especially critical in helping an organization maintain and strengthen its security posture. A qualified third party provides an unbiased, honest view of weaknesses and the steps needed to fix them.
Putting assessment results to work
But if your organization is anything like the organizations we work with—and statistics say it likely is—results from a threat and vulnerability management (TVM) assessment can feel like you have only two choices: pile more projects and duties on top of your team or save the results for later when (if) your resources improve.
IT teams wear too many hats and are responsible for too many things. SOC (security operations center) teams and other security personnel are asked to identify and remediate 30 – 40 new vulnerabilities reported each month and any zero days discovered.
When the internal team lacks TVM expertise and is already underwater with an extensive backlog, some organizations choose to operate with a program that is functioning but not ideal and save improvements for a better day.
Life after a threat and vulnerability management assessment
One client recently chose a different path forward after we completed their Threat & Vulnerability Management Assessment.
This global client is a giant in the consumer goods packaging industry and has over three dozen manufacturing facilities. They came to us with the goal of reducing their threat landscape and prioritizing threats with a risk-centric approach. To do this, they wanted to develop a threat and vulnerability management program that met or exceeded industry standards in their large, geographically distributed IT/OT environment.
After the assessment, the client recognized that their internal team could not apply the recommendations because of resource constraints and knowledge gaps around tool implementation best practices, vulnerability risk prioritization, key performance indicator (KPI) development and reporting, enterprise policy development, and process improvement.
Using the TVM assessment roadmap
With the resulting TVM project roadmap in hand, the CISO plotted the organization’s path to improvement. But there were lots of questions, a lack of existing policy documents, and missing expertise.
Converge Cybersecurity provided the solution with an embedded TVM expert residency. Our expert applied our methodology of listening first to continue to evaluate the needs and challenges facing the client’s team. By continually interacting with the client’s team, our resource developed policies, processes, and aligned tools for the client’s current and future goals.
This dedicated resource built out tasks, prioritized program efforts, and tapped Converge’s other cybersecurity subject matter experts to create deeper value.
Within six months, the client had tangible documentation, including runbooks, policy documentation, and strategic recommendations, to provide guidance across multiple TVM facets. A vulnerability risk prioritization methodology was developed and adopted utilizing the organization’s existing TVM tools. Establishing KPI tracking and reporting produces solid metrics the client can use to measure success. Tool configuration and consolidation integrated with the organization’s IT ticketing system streamlined the client’s vulnerability management life cycle and allows for better management and automation.
The organization’s overall security posture improved through a clearer understanding of its vulnerability landscape, and the client can now better identify, prioritize, and remediate vulnerabilities in their environment.
Moving the needle
Because of the success the client experienced with our initial residency, plans are in development for a Converge TVM strike team to prioritize and attack the backlog of vulnerabilities.
Knowing where to begin and how to get started can be the most difficult part of building or improving a security program. Converge Cybersecurity is your partner on the frontlines of cybersecurity, and we have the knowledge, resources, and skills to move your cybersecurity efforts forward. Contact us today to learn more.