- Management & Executives
Defenders - Vulnerability Management teams (Managers and analysts)
Incident Response teams who are tasked with reacting to breaches.
IT and Business teams who either own and/or are responsible for assets in the Digital Attack Surface.
Use Case: Understanding the effectiveness and impact of of a security program
As a CISO I want to be able to understand the current state of my organisation’s IT and future threats to it so that I can ensure customers and staff can continue to undertake their business safely and uninterrupted.
I want to also be able to understand the cost effectiveness of budgets being spent on programs (tools and people) and to then be able to communicate that to my executive leadership.
Use Case: Investigating and prioritizing the most important vulnerabilities that can exist within a Digital Footprint.
As a Vulnerability Manager I am tasked with identifying security issues that can result in possible avenues for threat actors to compromise my organisation’s systems to steal customer data and affect business operations.
However I am often presented with too many issues and I would like to be able to focus on the most important ones.
Use Case: Identifying immediate threats that are present on a Digital Footprint
As a Vulnerability Manager I am tasked with identifying threat indicators showing threat actors have compromised my organisation’s systems to steal customer data and affect business operations.
I want to make sure that the information provided is accurate so that I can task internal and external teams with further investigation to fix them. Once it’s clear where I need to focus, I am often tasked with coordinating with other teams who will actually being performing the fixes. I have to interface with people, when ideally it would be managed through our existing management tools.
I also want to be able to protect my company’s reputation on the Internet so that customers and staff can continue to undertake their business safely and uninterrupted.
Example: Identifying Malware on your company’s websites to send to an Incident Response team.
Use Case: Identifying security issues to fix on a host/s, in priority order of criticality or exposure
As a Remediator I want to be able to quickly fix any security issues raised by my vulnerability management colleague so that customers and staff can continue to undertake their business safely and uninterrupted.
To do so I need to understand which are the most important issues, the infrastructure or applications affected and what exactly I need to check on them.
I am likely to be using a combination of reporting from the vulnerability team and our own internal tools for how we manage assets and patch management.
Next steps would be to take the export and inspect the identified websites with a Vulnerability Scanner such as Qualys, Rapid7 or Whitehat. The results can then be updated within our platform to effect a change in the Risk Score.
Use Case: Understanding changes to my Digital Attack Surface.
As a Vulnerability Manager I want to understand how my company’s Digital Attack Surface is changing so that I can proactively act when there are changes in business structure via acquisitions/sales of business units as well as new product initiatives.