12 Dec
From reactive patching to proactive protection: 5 reasons to outsource vulnerability management
Co-authored with Josh Ginty, Practice Manager – Managed Services at Eighty20 Solutions
High-profile cyberattacks in 2022 have given organisations even greater motivation to ramp up cybersecurity protections. Addressing Essential Eight maturity is a great place to start, with monitoring and response to desktop and infrastructure platform vulnerabilities a key part of any cybersecurity strategy. But for IT teams with an application estate of thousands of titles, having vulnerability response controls appropriately governed and structured to counter threats within best practice time frames can be the Mount Everest on their to-do list.
This is where a managed service solution can come to the rescue. As the sherpas of your security vulnerability management efforts, experts like Eighty20 know the terrain and can relieve your team of the burden of patching, upgrading applications and identifying security vulnerability mitigation and remediation. Here are five key benefits a managed service can offer to keep your organisation on the front foot with recognising and responding to vulnerabilities:
1. Proactive monitoring across all attack surfaces, more often
Let’s say an organisation’s application estate is well documented, and universally packaged for deployment with well-defined ownership and known functional use cases. If this were the case, a best-practice patching and upgrade protocol carried out on a monthly schedule might be enough to pre-empt the majority of vulnerabilities. But we have yet to come across a client with an application portfolio so tightly managed.
Most customers are not managing the risks presented by their end-of-life software. As a result, these will often need license and infrastructure upgrades to remediate vulnerabilities without jeopardising business processes. In other instances, there will be no clear application owner, which makes functional testing difficult to arrange, introducing further risk to the business upon release. Lastly, it is almost impossible to proactively manage third-party applications without vulnerability scanning and reporting.
As a managed service provider, Eighty20 can design and implement vulnerability scanning across an organisation’s tech stack and devices for real-time vulnerability compliance reporting. Alternatively, we can work with your existing vulnerability scanning infrastructure to maximise your investment. We’ll also work with IT leaders and teams to develop fit-for-purpose policy controls including exemption processes, and frameworks for ring release patching and deployment schedules that reduce business risk during roll-out.
2. Faster mitigation / remediation
Knowing vulnerabilities exist is certainly important, but acting to counter a known threat is not always straightforward. Effective and timely mitigation or remediation of vulnerabilities takes detailed knowledge of the nature of the external threat, how it impacts the organisation’s software and devices, and the most effective treatment. Customers with overstretched delivery teams can often struggle to present timely treatment plans for complex vulnerabilities within days or even weeks of an alert.
As Eighty20 services multiple organisations, our clients get the benefit of a centralised, expert-driven effort to provide treatment planning for mitigation and remediation within Essential Eight Maturity frameworks. These treatment plans can be executed by Eighty20 resources or handed over to BAU for execution depending on the level of service that best meets your requirements.
Our response to the Log4j vulnerability in December 2021 is just one example of the speed and effectiveness of a managed service solution. As a threat with impact across hundreds of apps, it was important to address this vulnerability quickly but thoroughly. Despite the timing of this alert – within a week of Christmas is never a good time to mobilise resources – Eighty20 responded within 72 hours with a treatment plan for our clients and started executing on it immediately, with mitigations in place within days of the initial threat alert.
3. Leverage expert knowledge
Not only is this a rapid turnaround, but outsourcing treatment via our remediation team is also cost-effective compared with retaining team members with this capability. Instead of having to find and pay for highly specialised in-house skills to assess and treat vulnerabilities, organisations can enjoy on-call access to these resources. This highlights a further benefit of having third-party experts on hand to act quickly with the expertise needed to remediate with minimal disruption.
Eighty20 offers a high level of expertise, automation and dedicated support to our managed service clients that makes our offer both effective and affordable. We’re a boutique consulting firm, so we can offer a bespoke solution scaled to each client and the volume of devices and apps they need support for. As Microsoft partners we offer the highest level of knowledge and service to remediate their technologies, and we augment this with third-party tools and our own proprietary solutions for rolling out patches and updates across an entire tech stack. We also treat our clients as if their business were our own and react to an identified threat or vulnerability with the same level of commitment they would expect from an internal team.
4. Stay one step ahead
The value of an investment in this managed service doesn’t only come from fast and effective troubleshooting for ad hoc threats. By monitoring your tech stack for product updates and releases, our Eighty20 process supports reduction in vulnerabilities over time by introducing evergreen release models for key Microsoft and third-party applications. Setting up automated patching cycles and introducing management controls to proactively upgrade software significantly reduces the risk of unforeseen problems coming to light.
Working with your IT team, we can also introduce controls to implement updates in a manner that won’t put operations at risk. A staggered release of new features across users can limit risk of functional disruption and bring an organisation the benefits of features and enhancements without compromising productivity.
As part of the process for setting up this refresh cycle across the thousands of apps an organisation might use, we can also identify and report on risk exposure from end-of-life software. Presenting a problem statement and choice of solutions to business stakeholders supports a risk-aware decision on prioritising project resources to retire and/or replace these unsupported apps before they become vulnerable.
The cost of ownership of a solution like this reduces significantly over time. Both the volume of alerts from vulnerability compliance reporting and the overhead for managing software can be expected to deliver substantial cost savings as well as better visibility and reporting on an organisation’s cyber risk position.
5. Keep stakeholders informed
Giving stakeholders – including board members, shareholders, and regulators – assurance that vulnerability exposure is visible and managed is an important part of modern cybersecurity practice. At Eighty20 we use the Microsoft Power BI stack to provide tools IT teams can use to report back on updates and remediations completed per device, across business units and the organisation as a whole. Trends over time are also displayed, demonstrating how the cost of standing up and running the service pays off in increased compliance.
This type of reporting can also flag the age of untreated vulnerabilities, making it clearer to decision makers where effort and budget are needed to address the risks arising from legacy systems and software.
As a flexible and growing consulting business, Eighty20 covers all facets of Essential Eight controls and maturity. We have in-house experts in everything from whitelisting to endpoint detection and response, giving our clients access to a broad knowledge base to map out and support their journey to maturity in cyber resilience.