How to Make Your IT and Operations Team Security Remediation SuperstarsMarch 23, 2022 - 2 min read
Necessary Links for a Necessary Chain
The best efforts of an enterprise IT and Operations team can be completely undone by one hacker leveraging one vulnerability at one given moment in time. IT and Operations should be very motivated to make sure they continuously have an effective security posture. But here we have a conundrum. The Operational Support and IT teams tasked with fixing but are not cyber security experts. Then how can the Vulnerability Management (VM) team empower Ops and IT to perform effective and timely fixes? How can we make them Remediation Superstars?
Five Steps to Turn Your IT and Operations Team into Remediation Superstars:
- Accuracy – False positives are the Achilles heel of effective remediation. Not only do they rob the support team of precious bandwidth, they actually slow the mean time to remediation. You must remove false positives before you communicate to your IT and Ops teams.
- Brevity – IT and Operations already have their day-job. To ensure you get effective support against what really matters, you should take the time to present concisely all relevant vulnerabilities across the entire IT stack – web apps, network and devices etc. – in one single report. The faster they can ascertain the issue, the faster they can act on your alerts. The faster they can act, the lower the remediation time to fix.
- Business Ranking – Do not let the quantity of alert-types dictate the prioritization of the resolution requests. Instead rank them by business severity. This will ensure you get the lowest remediation time on the issues that really matter.
- Remediation Guidance – Integrate your alerts with actual step-by-step remediation guidance. In addition, offer a direct phone line so they can get verbal step-by-step guidance for critical items as needed. If you see a pattern of issues – say at the code level – provide proactive guidance on cyber hygiene best practices to ensure these types of vulnerabilities have no chance of appearing.
- Daily Workflow Integration – Do the research up front on where your IT and Operations team typically manage their task assignments. If it’s a ticketing system, then integrate your business-ranked alerts and remediation guidance into that system. If it’s a bug-tracking system like Jira, then likewise provide your alerts into that system. If it’s something simple like an Instant Message – they use that IM system. To ensure the most efficient and timely communication, make sure your Vulnerability Management (VM) system can integrate with your support team’s chosen system. The goal is to make the vulnerability remediation effort part of their daily workflow. This will both make efficient use of your support team’s limited bandwidth and have a direct impact on remediation times.
Alignment is Key
As a precautionary measure, you should be proactive and remind your IT and Operational Support team that you are actively identifying vulnerabilities across the attack surface that may have real business impact to not only operational runtime and IT services availability but the business’s bottom-line. All of you are on the same team with this common goal. All of you should be aligned to prevent any unnecessary business disruption. The key to realizing that goal is lowering remediation time on the issues that have business impact. By taking these five steps, you can ensure that members of your wider team become remediation superstars.
Want to learn more about Enabling Your IT and Operations Team? click Edgescan/ Does a Hybrid Model for Vulnerability Management Make Sense?