Financial Services (Vulnerability Management)
Case Study
ISSUE: Needed Fact-Based Evidence for Auditors, Proof of Real-Time Vulnerability Management Program
SOLUTION: UncommonX technology made it easy for auditors to see vulnerability reports for all assets and quickly determine that vulnerability management compliance was met.
TAKEAWAY: UncommonX delivers a comprehensive solution that enables multiple teams to access real-time system and network data — this is especially helpful for Vulnerability Management Programs that inform and support Compliance and Audits.
The Challenge:
- A financial services firm did not have a fully implemented Vulnerability Management Program.
- The firm was concerned about preparing for an audit and about the questions the auditor would ask regarding its Vulnerability Management Program.
- They were anxious and stressed about the amount of work it typically takes to complete the audit tasks using their original systems and tracking.
- More importantly, how could they ensure that vulnerabilities were being identified, acknowledged by the team, prioritized, addressed for risk, and reported through the audit review?
The Solution:
- UncommonX technology enabled the customer to easily:
  - Organize all of their systems with significant levels of context (location, type of device, risk score).
  - Identify and export vulnerabilities by location, a specific score, or severity.
- The system also streamlined the collection and reporting of all assets with a specific vulnerability—in one central location.
- This data can be easily exported as reports, simplifying the process for technology leaders to complete compliance work for audits—saving a tremendous amount of time.
- Additionally, the UncommonX platform made it easy:
  - For the firm to track ownership of a class of assets.
  - For the auditors to quickly determine compliance as it relates to the firm’s vulnerability management program.
The Results:
- UncommonX’s intuitive platform enabled the firm to quickly report the following in real time:
  - The status of its vulnerabilities within the environment.
  - Ownership of remediation tasks.
  - And importantly, completion of the updates required to eliminate risks associated with known vulnerabilities.
- The alerting functions, tracking of asset class ownership and Relative Risk Rating (R3) allowed the firm to quickly provide fact-based evidence to the auditors that the actions they take on vulnerabilities within their corporate assets are updated and maintained in real time.
Takeaways:
- As in many cases, proper planning and communication are essential to create a safe and secure IT and networked environment.
- Many organizations have multiple stakeholders in their Vulnerability Management Programs and need a central system that allows multiple teams access to real-time data.
- This enables groups to prioritize risk associated with vulnerabilities within their environments.
- Fortunately, a comprehensive solution like the UncommonX platform and its 24/7 SOC provides the necessary insights to clients as they prepare for their audits.