The problem
- Multiple sources of vulnerability data caused chaos and prevented prioritization.
- Patch management fatigue.
- Poor communication around vulnerabilities and business risk.
- Overloaded teams scrambling to meet SLAs without adequate data.
Vulcan Cyber benefits
- Increase in number of vulnerabilities patched within the SLA due to greater efficiency.
- Improved accuracy of vulnerability prioritization thanks to Vulcan Cyber risk scoring.
- Decrease in overall mean time to remediation.
- Single pane of glass for vulnerability risk.
- Tracking and reporting of KPI/metrics to demonstrate ROI for C-suite and teams.
About Verana Health
Verana Health is a digital health analytics company that provides healthcare organizations with insights into patient data to help healthcare providers improve the quality and efficiency of care.
Verana’s platform analyzes large amounts of data quickly and efficiently using artificial intelligence and machine learning. Because they handle protected health information (PHI) and personally identifiable information (PII), Verana is subject to stringent regulatory standards and must take extensive measures to ensure that patient data is secure.
The healthcare industry at a glance
- According to IBM, healthcare remains the industry with the most expensive data breach costs, escalating from $10.10m in 2022 to $10.93m in 2023, marking an 8.2% growth.
- Healthcare organizations are increasingly under attack, both for the valuable information they handle and for the hefty ransoms they are willing to pay.
- 47% of healthcare IT professionals said their organization had been attacked in the previous 2 years.
- Out of 870 ransomware reports to the FBI in 2022 across 14 major sectors, healthcare experienced over one-third more incidents (33.8%) than the second-most vulnerable sector.
The situation
- Assets were incomplete and incorrectly categorized.
- Different vulnerabilities from different sources, but no unified view of vulnerabilities.
- Struggle to communicate cyber risk to business and technical owners.
- Relatedly, there was an ongoing effort to change the culture to one more aware of vulnerability risk.
- Lack of correlation made remediation difficult with limited resources.
The process
- Vulcan Cyber helps establish automated alerting and remediation playbooks to ensure consistent, error-free workflows.
- Single pane of glass provides a centralized view of all vulnerabilities for a comprehensive understanding of overall security posture.
- By correlating vulnerability risk with business risk, Verana has the data they need to prioritize remediation decisions.
- Threat intelligence ensures that Verana understands the full potential impact of vulnerabilities.
- Automated remediation processes ensure fast, efficient solutions that reduce the risk of an exploit and keep Verana’s security posture as strong as possible.
The results
- Unified view of vulnerabilities simplifies tracking and prioritization.
- Improved risk correlation for educated prioritization and decision-making.
- Streamlined communication throughout the organization around the significance of timely vulnerability remediation.
Challenge
Verana faced a number of challenges in their vulnerability management program. The volume of vulnerabilities was increasing, the complexity of the vulnerabilities was becoming more difficult to understand and prioritize, and the security team was feeling overloaded.
Operating in the healthcare IT world and handling significant volumes of PHI and PII, Verana realized the stakes were high. The implications of a potential breach included financial losses, regulatory penalties, and reputational damage.
They wanted to improve their vulnerability management program to reduce their overall risk exposure. They understood that they needed to find a way to prioritize vulnerabilities, because within the current ecosystem—with limited resources and a busy security team—they couldn’t possibly fix everything, thus making it crucial to find the most exposed areas and fix them first.
They also realized that without a centralized view of vulnerabilities and risk correlation, they would continue to experience severe inefficiencies around risk prioritization. They also needed to improve communication and the culture within their organization, raising awareness of the risks and improving accountability.
Solution
Vulcan Cyber ingests all of Verana’s existing vulnerability data, including vulnerability scan reports, asset inventory data, and configuration data. It then uses this data to create a centralized view of Verana’s vulnerability landscape.
This view gives Verana’s teams information about the severity of each vulnerability, the assets affected, and the business impact of each vulnerability, guiding them to prioritize vulnerabilities efficiently and focus on remediating the vulnerabilities that pose the greatest threat to their business. Vulcan Cyber then provides Verana with remediation recommendations for each vulnerability, including steps to remediate it.
The platform also helps Verana track the progress of the remediation process with concrete KPIs and metrics, ensuring a clear understanding of which vulnerabilities have been remediated, which vulnerabilities are still outstanding, and time to remediate each vulnerability. With the platform’s reporting capabilities, Verana’s security teams can also communicate more effectively with their stakeholders about their vulnerability management program and progress in this department.
Vulcan Cyber has improved Verana’s overall vulnerability management in a number of ways:
- Establishing straightforward remediation orchestration playbooks.
- Providing a centralized view of vulnerabilities.
- Prioritizing vulnerabilities based on threat intelligence, business context, and attack path methodologies.
- Tracking and reporting on risk state and remediation progress.
Since working with Vulcan Cyber, Verana has reduced their volume of vulnerabilities along with their mean time to remediation, cutting overall risk exposure and protecting themselves from a number of potential threats. This was a critical goal for Verana as their business model grew and expanded, and Vulcan Cyber has ensured that their vulnerability management solution grows and scales with their organization, preserving their data and reputation as they grow.
Want to learn more?
Whatever industry you’re in, Vulcan Cyber can help. If your teams are overloaded and struggling to meet SLAs in the face of vulnerability chaos, check out our latest resources or get your free demo today.
Watch the full session of Verana Health from the CyberRisk Summit 2023 >>