Case study by Defensys – The Bank

Challenge

The Bank uses Defensys SOAR and SGRC effectively in its daily routine. However, the Bank's vulnerability scanner, supplied by another vendor, reported numerous vulnerabilities every day, so new vulnerability management processes had to be developed and set up.

Implementation

The policies and processes had to be restructured to account for the specifics of the Bank's infrastructure: all of the company's assets are grouped into information systems, and individual departments of the Bank, and even individual teams, are responsible for different cyber security functions.

Using the integration with the Bank's task manager, Defensys engineers updated the response processes. When a new batch of vulnerabilities arrives automatically from the scanner, a playbook starts that creates a ticket for the responsible employees in the task manager and adds a report in Excel format. The report contains the necessary vulnerability information only for a specific team that is responsible for particular business processes.

If the issue is resolved, the ticket can be closed. If it cannot be closed at the moment, the user adds feedback to the ticket and gives the reasons why the process cannot be finished yet. The process loops until the incident is properly closed.

Moreover, the vendor has updated the report forms. The modified reports contain statistics on the number of incidents created and on the terms of their closure. With the new reports, managers can track identical incidents with the same non-closure reasons in their fields during further audits.

One of the most important features noted by the Bank is that the Defensys vulnerability management capabilities calculate vulnerability severity based not only on the CVSS score from the scanner but also on the criticality of assets stored in the Defensys SGRC platform. This way, all the vulnerabilities that should be treated are triaged and prioritized in the most effective way.

Results

As a result, the Bank now has a smooth-running vulnerability handling process. Vulnerabilities are formed automatically in accordance with internal policies, and the responsible employees quickly receive the necessary information. They now have more time to resolve issues and keep the Bank's systems secure.