Financial Services (Vulnerability Management)

Case Study

ISSUE: Needed Fact-Based Evidence for Auditors, Proof of Real-Time Vulnerability Management Program

SOLUTION: UncommonX technology made it easy for auditors to see vulnerability reports for all assets and quickly determine that vulnerability management compliance was met.

TAKEAWAY: UncommonX delivers a comprehensive solution that enables multiple teams to access real-time system and network data — this is especially helpful for Vulnerability Management Programs that inform and support Compliance and Audits.

The Challenge:

  • A financial services firm did not have a fully implemented Vulnerability Management Program.
  • The firm was concerned with preparations for an audit and questions the auditor would ask around its Vulnerability Management Program.
  • They were anxious and stressed about the amount of work it typically takes to complete the audit tasks using their original systems and tracking.
  • More importantly, how could they ensure that vulnerabilities were being identified, acknowledged by the team, prioritized, addressed for risk, and reported through the audit review?

The Solution:

  • UncommonX technology enabled the customer to easily:
    • Organize all of their systems with significant levels of context (location, type of device, risk score).
    • Identify and export vulnerabilities by location, a specific score, or severity.
  • The system also streamlined the collection and reporting of all assets with a specific vulnerability—in one central location.
  • This data can be easily exported as reports, simplifying the process for technology leaders to complete compliance work for audits—saving a tremendous amount of time.
  • Additionally, the UncommonX platform made it easy:
    • For the firm to track ownership of a class of assets.
    • For the auditors to quickly determine compliance as it relates to the firm’s vulnerability management program.

The Results:

  • UncommonX’s intuitive platform enabled the firm to quickly report the following in real time:
    • The status of its vulnerabilities within the environment.
    • Ownership of remediation tasks.
    • And importantly, completion of the updates required to eliminate risks associated with known vulnerabilities.
  • The alerting functions, tracking of asset class ownership and Relative Risk Rating (R3) allowed the firm to quickly provide fact-based evidence to the auditors that the actions they take on vulnerabilities within their corporate assets are updated and maintained in real time.

Takeaways:

  • As in many cases, proper planning and communication are essential to create a safe and secure IT and networked environment.
  • Many organizations have multiple stakeholders in their Vulnerability Management Programs and need a central system that allows multiple teams access to real-time data.
    • This enables groups to prioritize risk associated with vulnerabilities within their environments.
  • Fortunately, a comprehensive solution like the UncommonX platform and its 24/7 SOC provides the necessary insights to clients as they prepare for their audits.