Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Is an Effective Vulnerability Management Program in Your Future?
The sad truth about penetration tests is that they are almost always successful in demonstrating dramatic security events. Even junior assessors can go from minimal access, below the level of most employees, and gain administrative domain credentials for an internal corporate network. Typically, they accomplish this goal within a few days of having arrived in office environments where they have never even been before. It is even sadder that they can do all this with a limited set of attack techniques.
However, some organizations are more resistant to conventional attack methodologies than others. Some companies gather vulnerability data on a regular basis, make informed decisions based on that data and assign remediation responsibility. Functional vulnerability management programs can mean the difference between long periods of pleasantly uneventful productivity and a catastrophic compromise from an attacker with limited to moderate skills.
Optiv has created a white paper that outlines a general structure to guide organizations wishing to create their own vulnerability management programs. Based on analysis of successful programs from leading companies, this document spells out the components at a high-level and lays out some of the lessons learned from the evaluation and implementation of these programs.
Anyone wishing to make informed decisions about their company’s security can benefit from the kind of program that this white paper outlines. Although not all companies have these programs in place, the ones that do tend to have far fewer surprises after penetration tests and compliance audits. They also, presumably, face fewer realized threats from actual attackers. The intent of this white paper is to guide security administrators in the beginning phases of the process of creating a fully realized vulnerability management program.
For clarity, this document breaks down vulnerability management into three parts. First, data acquisition includes components, like conventional vulnerability scanners and web application scanners that collect vulnerability and compliance data from across the enterprise. The white paper also discusses information storage and analysis technologies such as security information and event management (SIEM) solutions, and vulnerability classification and weighing. Finally, the discussion includes details about accountability engines, which organize and promote remediation efforts.
Administrators wishing to enhance their own security programs can use this framework as a model to aid in future efforts. In addition to detection and remediation of critical vulnerabilities, these programs offer added benefits, including the facilitation of compliance efforts for internal policies and externally mandated standards such as the Payment Card Industry Data Security Standard (PCI DSS). Although it is not necessarily anyone’s intention to gather mundane information such as the presence of or support for weak or outdated communications protocols (i.e. Telnet), the same technology used in these programs also offers related policy or compliance benefits. Not only can a working vulnerability management program save organizations from security incidents, it can promote compliance by allowing administrators to know where non-compliance exists.
September 28, 2016
Learn how Optiv's Executive Security Awareness program can find and address security vulnerabilities for your company's executives.
October 11, 2017
Optiv’s managed vulnerability services identify, prioritize and reduce network vulnerability exposure.
Let us know what you need, and we will have an Optiv professional contact you shortly.