Tedious, Painful, Unending… is this what you are dealing with when following up on vulnerabilities to make sure things are fixed urgently, diligently, and efficiently?
This typically involves a lengthy back-and-forth using your favorite and much-loved internal ticketing system, or plain old email.
It starts with copying and pasting findings from pentest reports and vulnerability scanners, followed by reviews to ensure enough detail is provided to fix the issue, and checks that findings are not duplicates, false positives, or part of an accepted residual risk. Someone is, hopefully, finally assigned to fix the issue. Unless the issue is forgotten, dropped, or lost track of until your next assessment or compromise incident review.
What a hard journey!
While many security solutions support integration with third-party systems, the reality is that this often stops at creating a ticket or updating an existing one. These integrations typically lack any aggregation or intelligent follow-up of findings, creating more cleanup work than they save.
Here is what an ideal integration should do:
- It should keep track of all occurrences of the same vulnerability in the same ticket;
- It should offer the possibility to flag fixes and verify them;
- In the case of false positives or accepted exceptions, it should not trigger a new issue;
- And if an issue was fixed but later reappears, it should reopen the same ticket to keep track of the fix history.
The good news is this is what Ostorlab does now. Please let me introduce our new remediation capabilities! :)
- We properly aggregate vulnerabilities so you don’t have to
- We validate fixes and let you know once issues are verified
- We ensure continuous tracking of false positives, exceptions, and reopened issues
And this works whether you have an internal ticketing system, like Jira or ServiceNow, that we seamlessly integrate with, or you use our fully standalone system built from the ground up to manage vulnerabilities.
The new ticketing system allows you to:
- Assign tickets to a user to ensure fixes are implemented
- Collaborate with your team and interact with them through the comment section
- Set priorities, update statuses, and tag tickets to indicate urgency or to ease lookup and filtering
- Search tickets by assignee, priority, status, or tag
- Automatically trigger a fix verification once an issue has been marked as resolved
The platform goes even further: you can set vulnerability SLOs, for example "fix high severity issues in less than 5 days".
Thanks to ticket aggregation, the platform knows when an issue hasn't been resolved on time and helps prioritize or escalate it.
And it doesn't stop there. All ticket and vulnerability activity generates metrics that let you monitor the health of your security program, such as fix rate, percentage of secure apps, exception rate, and reopen rate.
These metrics are tracked over time and can also be compared against an organization's average and best practices. This way, you have all the data at hand to make sure you are making the right decisions and driving the right priorities.
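To make the four integration rules listed earlier (one ticket per vulnerability, fix verification, no new issue for false positives or accepted exceptions, reopen on reappearance), the SLO check, and the fix, exception, and reopen metrics concrete, here is an illustrative Python model. It is an added example, not Ostorlab's code and not a description of how its platform is implemented; the aggregation key (asset plus vulnerability class), the status names, the SLO thresholds, and the sample findings are all assumptions chosen for the example.

```python
"""Illustrative model of a finding-aggregating ticket tracker (added example,
not Ostorlab's code). Fingerprint, status names and SLO days are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from hashlib import sha256
from typing import Dict, List, Set, Tuple

OPEN, FIXED, VERIFIED, FALSE_POSITIVE, ACCEPTED_RISK = (
    "open", "fixed", "verified", "false_positive", "accepted_risk")
TERMINAL = {FALSE_POSITIVE, ACCEPTED_RISK}   # statuses that never re-raise

# Hypothetical SLO policy: maximum days a ticket may stay open, by severity.
SLO_DAYS = {"high": 5, "medium": 30, "low": 90}

# Constructed timeline helper so scans can be dated as "day N" of the example.
EPOCH = datetime(2024, 1, 1)


def day(n: int) -> datetime:
    return EPOCH + timedelta(days=n)


@dataclass
class Finding:
    asset: str      # e.g. app package name
    vuln: str       # vulnerability class
    location: str   # where it occurs (endpoint, file, parameter)
    severity: str

    def fingerprint(self) -> str:
        # Assumed aggregation key: the same vuln class on the same asset is one
        # ticket; the location only adds an occurrence to that ticket.
        return sha256(f"{self.asset}|{self.vuln}".encode()).hexdigest()[:16]


@dataclass
class Ticket:
    key: str
    asset: str
    vuln: str
    severity: str
    opened_at: datetime
    status: str = OPEN
    occurrences: Set[str] = field(default_factory=set)
    history: List[Tuple[datetime, str]] = field(default_factory=list)
    reopen_count: int = 0


class Tracker:
    def __init__(self) -> None:
        self.tickets: Dict[str, Ticket] = {}

    def ingest_scan(self, findings: List[Finding], now: datetime):
        """Apply one scan run. Returns (created, reopened, verified) keys."""
        seen, created, reopened, verified = set(), [], [], []
        for f in findings:
            key = f.fingerprint()
            seen.add(key)
            t = self.tickets.get(key)
            if t is None:
                t = Ticket(key, f.asset, f.vuln, f.severity, opened_at=now,
                           history=[(now, "opened")])
                self.tickets[key] = t
                created.append(key)
            elif t.status in TERMINAL:
                continue          # false positive / accepted risk: stay silent
            elif t.status in (FIXED, VERIFIED):
                # Fix claimed (or verified) but the finding is back: reopen the
                # same ticket so the whole fix history stays in one place.
                t.status, t.opened_at = OPEN, now
                t.reopen_count += 1
                t.history.append((now, "reopened"))
                reopened.append(key)
            t.occurrences.add(f.location)
        # A ticket flagged as fixed whose finding no longer shows up passes
        # verification; one that still shows up was reopened above.
        for key, t in self.tickets.items():
            if t.status == FIXED and key not in seen:
                t.status = VERIFIED
                t.history.append((now, "verified"))
                verified.append(key)
        return created, reopened, verified

    def set_status(self, key: str, status: str, now: datetime) -> None:
        t = self.tickets[key]
        t.status = status
        t.history.append((now, status))

    def overdue(self, now: datetime) -> List[str]:
        """Open tickets that have exceeded their severity's SLO."""
        return [k for k, t in self.tickets.items()
                if t.status == OPEN
                and now - t.opened_at > timedelta(days=SLO_DAYS[t.severity])]

    def metrics(self) -> Dict[str, float]:
        total = len(self.tickets)
        actionable = [t for t in self.tickets.values() if t.status not in TERMINAL]
        n = len(actionable) or 1   # avoid division by zero on an empty tracker
        return {
            "fix_rate": sum(t.status == VERIFIED for t in actionable) / n,
            "reopen_rate": sum(t.reopen_count > 0 for t in actionable) / n,
            "exception_rate": (total - len(actionable)) / (total or 1),
        }


if __name__ == "__main__":
    # Constructed sample: two SQLi hits on one app, one XSS on another.
    tr = Tracker()
    tr.ingest_scan([Finding("com.example.app", "sql_injection", "/api/search", "high"),
                    Finding("com.example.app", "sql_injection", "/api/login", "high"),
                    Finding("com.example.other", "reflected_xss", "/page", "medium")], day(0))
    print({k: (t.status, sorted(t.occurrences)) for k, t in tr.tickets.items()})
    print(tr.metrics())
```

The design choice worth noting is that verification is driven by the next scan rather than by the person closing the ticket: marking a ticket `fixed` is only a claim, and it becomes `verified` when the scanner stops reporting the fingerprint. Terminal statuses are checked first so a false positive can never be reopened, and the SLO clock restarts on reopen, which is what makes a regression show up as overdue again.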
The platform also allows you to segregate remediation work into different organizations. Say, for instance, some apps are built internally while a third party builds others, and giving that third party access to your internal ticketing system is a no-go. You can then create a dedicated organization for each and manage remediation efforts separately.
And finally, these capabilities do not stop at scan results: tickets can also be created to manage vulnerabilities from other platforms or manual assessments. This way you can take advantage of all the metrics and analytics data generated automatically by the platform and have a single place to manage all your findings.
Offering these capabilities, from remediation and vulnerability fix ownership to setting fix policies and collecting and comparing metrics about your organization, is part of a more extensive program to build an autonomous security scanning solution.
While the ambition of driving automated mitigation and remediation of vulnerabilities, from pushing the fix to the store up to disconnecting non-critical machines, is an extensive program, these capabilities are critical to reaching that advanced level of autonomy.
Future features are already in the making and will focus on providing more advanced capabilities to drive automated remediation and extend our capabilities to other platforms.
Last but not least, all of the new features (yes, all of them :)) are part of our community platform: they are entirely free, gratuit, gratis, مجانا, 免费.
So to sum things up:
- We automate all the painful handling of the vulnerability lifecycle so you don't have to
- We provide insights into your vulnerabilities, from validating fixes to evaluating your security posture
- We make sure no issue is ever forgotten or dropped, and we help you set deadlines to ensure things are fixed on time
- We provide the extra capabilities to work across your organization, with third parties, and with other tools, all of this in a single platform
- Finally, all of these are part of our community platform and are completely free
We really hope you will enjoy it, please let us know your feedback and you can get started here: Scan, Remediate, Fix Now!