C5: Turning weaknesses into strengths

Written by: C5 Alliance Posted: 06/03/2020

AD_C5_PeterLescopThe growing threat of security and data breaches continues to put IT teams under pressure. However, embracing a Vulnerability Management System (VMS), alongside a robust patching operation, can not only offset risk, but also demonstrate the strength of an organisation, says C5 Alliance Security Consultant Peter Lescop (pictured)

2020, a new decade with old problems. News headlines have been highlighting more weaknesses within IT systems around the world. Cyber criminals held the currency giant Travelex to ransom, leading to staff having to use pen and paper and preventing transactions at banks and supermarkets.

The British government apologised after a data breach in which a user accidentally published the addresses of more than 1,000 New Year Honours recipients online.

There have also been claims that the crown prince of Saudi Arabia hacked Amazon boss Jeff Bezos’ phone.

Measures are in place to protect and prevent major incidents like these from striking at the heart of organisations. Regulatory and compliance frameworks – such as the UK government’s Cyber Essentials and the Payment Card Industry Data Security Standard – require organisations to ensure that they frequently carry out tasks such as scanning, reporting and remediation of their IT systems.

Businesses must ensure that their organisational security meets compliance requirements, contractual obligations and risk management standards.

However, even some of the most trusted IT organisations aren’t immune. A recent patch release from Microsoft was unusually accompanied by a public warning from the US National Security Agency, to fix a flaw found within the Microsoft Windows cryptographic service. IT and security teams are being stretched to implement and run an effective patching cycle to keep up with these regular patch releases.

Plus, they may also have to adhere to cybersecurity frameworks such as Cyber Essentials, which has a strict requirement for operating systems, firmware and application patching to be implemented within 14 days of a vendor releasing a fix for a high-risk or critical security vulnerability.

This can be very challenging for many organisations’ security teams. Microsoft can simplify the process with operating system patching to an extent, but what about non-Microsoft products, applications, network switches, printers or firewalls?

Even if a team manages to patch all of its products within the 14-day deadline, how can it be certain the patches have all been applied successfully?

This is where the implementation of a Vulnerability Management System (VMS), alongside a robust patching operation, can help. A VMS provides the ability to scan and report vulnerabilities across a large array of endpoints – such as end-user devices, printers, telephony systems and network infrastructure.

These vulnerabilities can range from standard operating system security patches to legacy configurations. 

Implementing a VMS means your teams no longer need to rely on reading security blogs to know what and when to patch. It allows them to prioritise patching based on vulnerabilities that are being actively exploited.

You can leverage the research and analytics of your chosen VMS partner to fulfil this while your teams can dedicate their time to the more important task of patching.

Once a VMS is in place, you need an effective way to respond and remediate any vulnerabilities. Most vulnerability management systems provide several means of achieving this, such as:
• Providing risk scoring profiles per vulnerability
• Creating tracked projects to resolve groups of vulnerabilities 
• Combining your VMS with patching products, such as Microsoft’s System Centre Configuration Manager (SCCM), to automate your VMS and patching cycle. 

Once a vulnerability has been found by your VMS, you can automate the process to send a request to patch directly to the SCCM, saving time and effort.

C5 Vulnerability Management Service

Our vulnerability management and patching services provide flexibility to create a scanning and remediation program specifically designed to fit an organisation’s requirements. You can choose various service levels to meet your business needs and current in-house capabilities.

The services are delivered by our Managed Services team using ‘best of breed’ platforms, which correlate live scan data against monitoring data for advanced threat correlation and profiling. The service provides:
• Vulnerability assessments
• Reporting and management services to businesses utilising a market leading vulnerability management platform 
• The ability to identify, classify, prioritise and report on vulnerabilities that exist on networks, systems, endpoints and applications 
• Reduced risk for your business and enhanced legal and regulatory compliance, with active monitoring and detailed compliance reporting for regulatory and industry frameworks. This protects your organisation’s data and systems 24/7, with an active and robust vulnerability management service.

By harnessing the power of an automated vulnerability management system, organisations can ensure that they are benefiting from the security of leading-edge protection. 

Find out more
Please contact enquiries@c5alliance.com for further information on how C5 Alliance can support your business or to participate in a free Proof of Value (PoV) deployment of our Vulnerability Management solution. 

• This advertising feature was first published in the February/March edition of Businesslife magazine


Add a Comment

  • *
  • *
  • *
  • *
  • Submit
VG - Time to change

It's easy to stay current with blglobal.co.uk.

Just sign up for our email updates!

Yes please! No thanks!