“Most vulnerability management programs are paper tigers — they generate a mountain of data and work but have negligible benefit to enterprise security,” said Yaniv Bar-Dayan, co-founder and CEO of Vulcan Cyber. “We created the vulnerability remediation maturity model after consulting with hundreds of CISOs, security and IT professionals to understand shortcomings in vulnerability management programs. The model helps companies design outcome-driven vulnerability remediation programs through a unique approach to people, process and tool alignment. We’ve seen it help companies like Snowflake, Comcast and Informatica get fix done.”
The vulnerability remediation maturity model, combined with the Vulcan vulnerability remediation orchestration platform, is also used by managed security providers (MSPs) and consultancies to help teams improve vulnerability management program results.
“We provide managed detection and response services for a wide array of companies, and outcome-driven vulnerability management is a substantial pain point for our customers,” said Cecil Pineda, Senior Director at Critical Start and former CISO of the Dallas Fort Worth International Airport. “The Vulcan maturity model creates clarity and focus for vulnerability management programs while defining the best path to vulnerability remediation results. We applaud this initiative as we work with Vulcan Cyber to help our customers transition from simply managing vulnerabilities to actually remediating them.”
The Vulcan Cyber eBook establishes the first vulnerability management maturity model to advance beyond simple vulnerability scanning or prioritization. Consisting of four stages, or maturity levels, it defines a results-based framework for driving vulnerability management programs to a transformative state of cyber hygiene control. This model is laser-focused on end-to-end vulnerability remediation.
The four stages of The Vulnerability Remediation Maturity Model include:
Stage 1 – Reactive: Most enterprises find themselves at this maturity level, where vulnerability management programs are tactical, reactive, siloed and most often do not deliver remediation.
Stage 2 – Data-driven vulnerability management: The enterprise security team and its allies have learned to normalize diverse scanner outputs and enrich them with other data streams in order to derive prioritized, actionable vulnerability insights. The security team’s data-driven, strategic vulnerability decisions are now based on a real-time understanding of asset status and criticality, compliance requirements, and threat intelligence.
Stage 3 – Orchestrated vulnerability remediation: All vulnerability remediation program stakeholders (security, IT operations, engineering, business unit owners) break down existing silos. Their processes and practices become visible and their separate tech stacks are integrated so that they can collaborate across fluid, optimized, and automated remediation workflows.
Stage 4 – Transformative cyber hygiene: Transformative vulnerability remediation unites multiple cross-functional teams in a distributed framework in which vulnerability remediation is a democratized process. While security teams are ultimately accountable for vulnerability elimination, key stakeholders across teams are given the tools, remedies and intelligent insight they need to make decisions and take action to achieve cyber hygiene.
About Vulcan Cyber
Vulcan Cyber has developed the industry’s first vulnerability remediation platform, built to help cybersecurity and IT operations teams collaboratively secure digital business. The Vulcan SaaS platform closes the gap between detection and remediation to reduce vulnerability dwell time and associated business risk. Vulcan Cyber orchestrates the full remediation lifecycle from identifying and prioritizing vulnerabilities to curating and delivering the best remedies, to automating processes and fixes through the last mile of remediation. Its unique ability to “get fix done” has garnered Vulcan Cyber recognition as a 2019 Gartner Cool Vendor and an RSAC Innovation Sandbox 2020 finalist. Based in Tel Aviv and San Francisco, Vulcan Cyber is privately funded by cybersecurity specialists YL Ventures and TenEleven Ventures. For more information please visit https://vulcan.io.