Vulnerability Management Process Improvement

We streamlined our client’s vulnerability management process to add visibility, transparency, and accountability for remediation efforts.

Context

A financial services client needed to overhaul their information security policies and processes to address compliance requirements. Specifically, the client needed to burn down a significant backlog of vulnerabilities and show a commitment to keeping remediation sustainable.

Solution

Employ Organization Change Management (OCM) to identify gaps in process and team structure. From there, revise and roll out vulnerability standards and policies across the enterprise.

Details

Initially, our team reviewed the client's vulnerability remediation process, tooling landscape, and reporting practices.

Next, we sat down with the infrastructure, engineering, SRE, DevOps, analytics, and leadership teams to review their remediation processes.

From there, we identified several critical areas for improvement. Our focus was on consolidating communication channels, streamlining reporting, and firming up dependencies between teams.

Lastly, our team developed automated ticketing, tracking, and reporting systems to add transparency and visibility to the state of all vulnerabilities. In addition to saving hundreds of man-hours, this system helped burn down a backlog of over 100k vulnerabilities.

Overall, some of the most important technologies that led to the success of this transformation included:

  • Jira
  • Python
  • Wiz
  • Qualys
  • Kenna
  • Red Hat

Results

In summary, our client was able to burn down their growing backlog of over 100k vulnerabilities and meet compliance standards. Additionally, our client was able to leverage the new processes to save time and work more efficiently.

Ultimately, our client realized increased security, eliminated update meetings, and improved critical compliance metrics.


More on Vulnerability Management Process

In most cases, organizations struggle to stay on top of vulnerability management.

Technology changes quickly, and teams are often frustrated by how frequently they need to circle back and update previous work. Likewise, leadership gets frustrated by slow progress toward new implementations.

How does this shake out?

Successful teams generally set aside roughly 25-30% of their sprint capacity to address urgent matters and technical debt. This number often surprises and offends leadership teams, especially at organizations that are working through a digital transformation.

Additionally, the vulnerability landscape changes quickly and frequently across every piece of software. If a strong process and communication standard is not enforced, it is extremely likely that things will fall through the cracks.

Every company has different needs, but for most companies, security is a top consideration.

If your organization is looking to update your vulnerability management process, we would love to learn more!

– Team Llama 🦙