A quarter full of risk – get to know the notable vulnerabilities of Q3 2024 >>

The CyberRisk Summit is back! RSVP for free for our live event | November 20 >>

Exposure management analytics and KPIs you need to know about  >>

Get a demo

A quarter full of risk – get to know the notable vulnerabilities of Q3 2024 >>

The CyberRisk Summit is back! RSVP for free for our live event | November 20 >>

Exposure management analytics and KPIs you need to know about  >>

Get a demo
Get a demo

case study

How Mandiant uses Vulcan Cyber for intelligent vulnerability remediation

Continual innovation and development opens the door to vulnerabilities in Mandiant’s workload. But as the to-fix list grows, how does the security team prioritize effectively and ensure that they mitigate their cyber risk?

download pdf
The Mandiant Challenge

The Mandiant Challenge

  • Development teams too busy with product releases
  • Too much vulnerability data
  • Vulnerability prioritization not in business context

 

Vulcan Cyber Benefits
Risk-based prioritization

Improved collaboration

 More complete remediation

 

About Mandiant

Mandiant is an industry-leading cybersecurity solutions provider. It has identified and prevented major cyber attacks, and its products enable major organizations to protect against malicious software, analyze IT security risks, and stay ahead of threats. Since being acquired by FireEye in 2013, Mandiant now has more than 3,000 employees across 19 global offices.

The situation

  • Development teams are busy releasing new features and are reluctant to focus on theoretical vulnerabilities that will never be exploited by a threat actor.
  • Huge amount of data from security tools. Thousands of vulnerabilities are detected, but many are not relevant based on Mandiant’s risk profile.
  • Prioritizing these vulnerabilities is a manual and time-consuming process.
  • Meanwhile, zero-day vulnerabilities are on the rise.

The process

  • Vulcan asset management organizes data into business groups.
  • Risk-based prioritization identifies relevant candidates for remediation.
  • Remediation campaigns activated for tracking remediation progress.
  • Collaboration and communication with dev teams via their tools, such as Jira.

The results

Greater visibility of threats

Increased collaboration

Trackable progress

Accelerated risk remediation

 

Challenge

Mandiant maintains its reputation as a cutting-edge company through constantly introducing and implementing new features and capabilities into its products. In the view of DevOps and development teams, this progress can be held back by security professionals opening tickets for remediation of theoretical vulnerabilities, many of which will never have any real impact. Developers work hard and are reluctant or unavailable to address abstract security concerns.

For example, in 2021 so far, the security team uncovered over 19,000 CVEs. Of those 19,000, only 217 had real exploits attached to them. And less than half of those were easy to exploit.

Out of the 217 exploitable vulnerabilities, Mandiant had a human analyst assess the risk level and exploit difficulty of each vulnerability. Only 31 were “high risk” and only 1 was “critical”.

The traditional CVSS score method would have treated thousands of the CVEs as critical, but Mandiant’s risk profile is unique, as is every company’s. For Mandiant, certain assets are more significant than others, and vulnerabilities within those assets represent a greater potential risk than so-called “critical” vulnerabilities within assets less relevant to Mandiant’s business. The CVSS score takes an objective view of vulnerabilities’ criticality, and so carries limited usefulness when it comes to assessing risk.

Mandiant wanted a smart and efficient solution to consolidate their data and focus on the vulnerabilities that they believed to be critical.

Not only that, but such an intelligence-led vulnerability management solution should also be centered around full remediation. This would help with cases like the PrintSpooler vulnerability, for which Microsoft announced a patch, but one which Mandiant discovered to be only sometimes effective.

The mass of data and limited developer availability – together with incomplete remediation and the growing number of zeroday vulnerabilities – mean that the need for an intelligent risk-based solution becomes even more pronounced.

Development teams too busy

Vulnerability data unfiltered and not prioritized

Current processes are manual and inefficient

 

Solution

Vulcan ingests Mandiant’s existing data and filters everything according to stakeholders, specific systems and business units. Mandiant has a saved search for “exploitable” and “vulnerable” assets, focusing on “critical” and “high”. They also group their “crown jewels” – or most important assets – into their own business unit.

From here, the Mandiant team easily identifies the candidates for remediation that require the most immediate attention.

A remediation campaign is then created within the Vulcan platform that allows Mandiant to have full visibility of when each vulnerability is remediated across their environment. They can easily check the status of each vulnerability, and track the progress of the relevant people or teams in the remediation process.

Mandiant’s engineering culture means they are heavily reliant on Jira – DevOps and development teams both expect their tasks to appear here. Vulcan lets Mandiant collaborate and communicate via Jira or any other tool they might use. This means that developers receive clear remediation instructions in a way that is clear to them, reducing any potential confusion at a critical part of the process.

Better visibility and cyber asset management

Risk-based prioritization

Trackable remediation campaigns

 

Results

On this particular remediation campaign, Mandiant achieved 100% remediation within just 14 days:

Mandiant uses Vulcan to sift through the noise and find the signals they’re looking for. Before Vulcan, they had several different repositories of information. Vulcan consolidated all this data and identified the most impactful vulnerabilities for Mandiant.

This works out for everyone. DevOps and development teams now receive only the most relevant, impactful vulnerabilities to work on. Meanwhile, the security teams know that the most impactful vulnerabilities are being remediated, and can see clearly what they need to focus on.

Intelligent risk-based remediation means that the right vulnerabilities get fixed for good, with trackable progress across every stage of the remediation lifecycle. This enables security teams to mitigate their risk, improve their processes and better protect their organizations against attackers.

Minimal manual effort

Increased productivity

Remediation outcomes

 

Want to hear more?

See the Remediation Summit session from Matt Shelton, Director, Technology Risk and Threat Intelligence, below:

The Mandiant Challenge

Nisl aliquam lectus placerat augue adipiscing congue

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

Mauris id nulla amet ut lectus. Sociis est sit habitant aliquam rutrum in ultrices. Est egestas bibendum pellentesque adipiscing. Iaculis mauris justo blandit viverra mauris, nunc. Faucibus ac lorem nibh eget dolor, rutrum ipsum. Nulla in neque porttitor viverra dolor amet at. Enim, elementum, ultrices netus non egestas pretium condimentum. Malesuada maecenas vulputate interdum suspendisse vestibulum purus sed in facilisis. Dignissim tellus dictum dictumst aliquam elit amet orci.

Nisl aliquam lectus placerat augue adipiscing congue

Id cursus ipsum nibh vitae. Ut fringilla amet, amet, et non congue aliquam et tempor. Risus id feugiat pretium porttitor augue eget auctor fusce. Auctor tortor massa orci vel nam id in sagittis, in. Porta sit in elementum dictum fermentum, id. Bibendum molestie bibendum tincidunt nullam blandit suscipit nisl, magna. Tortor vel elit ultrices pretium a sit rutrum.

Consequat tellus donec tortor et nibh at elementum adipiscing nisl

Et faucibus justo, quis mauris amet, in placerat.

Euismod auctor blandit ullamcorper ante sagittis, sodales risus bibendum. Turpis sed nunc nibh adipiscing dis in sed. Amet non eros sed mi risus. Diam consequat vel, vitae, justo, ultrices. Viverra nisl urna sed quam venenatis mauris rhoncus. Rhoncus libero sapien, at vitae sed viverra lacus aenean. Et arcu vivamus eu imperdiet morbi turpis senectus. Orci, morbi sodales aliquam at orci vestibulum phasellus. risus amet metus ultrices turpis ante. Sodales mollis donec lectus eleifend etiam faucibus justo, aliquet. Elit, elementum diam aenean hac purus vitae sodales in. At ut faucibus habitant posuere. Facilisi nibh posuere elit gravida molestie nulla.

Malesuada in sed ac quis egestas venenatis

1. Vitae, est, egestas ipsum

consectetur sodales ut ullamcorper. In amet mauris commodo aliquam ut. Orci varius rutrum fringilla elementum lorem turpis pellentesque posuere tellus. Ipsum, viverra molestie lobortis nec cras vestibulum vivamus nunc. Amet sollicitudin pharetra, ac, diam, donec ridiculus iaculis interdum. Amet tincidunt fusce metus at. Risus viverra lobortis eu nunc in. Sed lorem non sit mauris elit.

Description for image

Et faucibus justo, quis mauris amet, in placerat

Euismod auctor blandit ullamcorper ante sagittis, sodales risus bibendum. Turpis sed nunc nibh adipiscing dis in sed. Amet non eros sed mi risus. Diam consequat vel, vitae, justo, ultrices. Viverra nisl urna sed quam venenatis mauris rhoncus. Rhoncus libero sapien, at vitae sed viverra lacus aenean. Et arcu vivamus eu imperdiet morbi turpis senectus. Orci, morbi sodales aliquam at orci Dui link luctus metus ultrices turpis ante. Sodales mollis donec lectus eleifend etiam faucibus justo, aliquet. Elit, elementum diam aenean hac purus vitae sodales in. At ut faucibus habitant posuere. Facilisi nibh posuere elit gravida molestie nulla.

Vulcan Cyber Benefits

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

About Mandiant

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

Challenge

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

Solution

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

Results

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

Want to hear more?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

People also read

How to fix CVE-2022-32893 and CVE-2022-32894 in Apple Voyager18 (research) How to fix CVE-2022-32893 and CVE-2022-32894 in Apple Aug 21, 2022
CVE-2022-3075: how to fix the zero-day vulnerability in Chrome Voyager18 (research) CVE-2022-3075: how to fix the zero-day vulnerability in Chrome Sep 07, 2022
Why Is Information Technology Important? [3 Reasons] Tools Why Is Information Technology Important? [3 Reasons] Mar 10, 2024