BlogCareersContact Us
< Back to Blog

It’s for an Automated Vulnerability Management Program

Rhett Glauser
 | May 6, 2020
 | Vulcan Cyber CMO

Managing your vulnerabilities – from identification and prioritization all the way through to remediation and resolution, is an extremely time-consuming task. This is why Vulnerability Managers need to find ways to take the most mundane, repetitive aspects of vulnerability management such as scanning and opening tickets and integrate them into an efficient process.
In 2019, companies in the United States spent an average of 443 hours a week on their vulnerability management programs! It’s a 30% increase to 2018, resulting in approximately 23,000 hours a year spent. This is equal to 11 FTE across Security, IT and DevOps teams.

Automating the vulnerability response processes isn’t just a luxury, it’s a necessity. With the growing number of vulnerabilities every year, the manual process in place today inevitably results in Vulnerability Management, IT, DevOps and Engineering teams remaining unable to scale their vulnerability management programs to meet organizational risk management requirements.

Now, we understand that implementing automation not an easy task, especially around infrastructure and application changes, required to resolve cybersecurity vulnerabilities and issues. But there are several tasks and processes that, if automated, will have significant impact, with low implementation costs and risks:

  • Scan coverage checks: Identifying when the scanner may not be configured correctly to scan specific assets in your cloud environments or data centers by continuously comparing a list of your workloads, against a list of your vulnerability scanners configured assets, finding mismatches.
  • Automate prioritization of vulnerabilities: Fusing threat intelligence around public exploits and usage in the wild with your vulnerability data. By doing so, you have the ability to reduce the number of critical and high vulnerabilities by up to 90%
  • Streamline ticket creation and assignment: Creating a routing metric of issues, assets and owners, and routing the tickets to the right assignee, using a direct API connection to your ticketing platform.

 

Vulnerability management is an ongoing, repetitive process that most likely will not be solved. However, it does need to be managed properly. For that to happen, you have to make sure that you have eyes on the entire process – from the moment the vulnerability was discovered, until it was verified as solved. There are many tricks you can use to help you achieve the process management, and will save you the trouble of running manual, mundane tasks.

About the Author

Rhett Glauser

Rhett has been running corporate marketing and demand generation functions in the enterprise infrastructure and security markets for a really long time. Prior to Vulcan Cyber Rhett spent more than two decades with SaltStack, ServiceNow, Symantec and Altiris.

People also read

How to fix the zero day CVE-2022-22620 vulnerability

Read More >

SANS Cloud Security Survey 2022 – highlights

Read More >

5 Azure Security Tools You Should Know About

Read More >

CIS Benchmarks and system hardening: an introduction

Read More >

Microsoft zero day, More Musk drama, and more: first officer’s log – week 3

Read More >
< Back to Blog
Did you find this interesting? Share it with others:

Be a Fixer