Join security experts from KuppingerCole Analysts and Tanium as they discuss the common challenges faced in identifying, prioritizing, and remediating security vulnerabilities, and how to overcome them by adopting a proactive approach that will increase efficiency and reduce risk.
Richard Hill, Director of IAM Research and Lead Analyst at KuppingerCole, will discuss the value of Software Bill of Materials (SBOM), asset, and endpoint management. Also, how understanding the context of what you have can help surface software and endpoint vulnerabilities and compliance risks within an organization through visibility.
Bryant Bell, Director Product Marketing – Risk & Compliance at Tanium will outline a platform approach to identify, prioritize, and remediate vulnerabilities to achieve greater speed, scalability, and visibility to improve efficiency and reduce risk.
Hello, I am Richard Hill, the lead Analyst at KuppingerCole. And today we're having a webinar about achieving effective risk and vulnerability management with platform approach. This webinar is supported by Tanium, and joining me today is Bryant Bell, Director of Product Marketing for Risk and Compliance at Tanium, and Zach Warren, Tanium Chief Security Advisor. And before we start, I'll give you some information about some housekeeping notes. So everyone is automatically muted, so there's no need to worry about muting yourself.
And we'll be running some polls during the webinar, which we will be sharing the results during the in real time. And we'll also be recording the webinar and both the recording and slides will be available on the KuppingerCole website. In addition, we'll save some time at the end for the question and answers, and we'll provide those at the end of the, towards the end of the webinar. So let's take a look at the agenda. With that, I'll start out by talking about the value of asset and endpoint management.
Also how understanding the context of what you have helps to surface those software and endpoint vulnerabilities and compliance risks within an organization. And then I'll turn over the webinar to Bryant and Zach, who will give an outline of Tanium platform approach to identity prioritization and how to remediate vulnerabilities, given it visibility and reducing risk. And then finally, as I mentioned, we'll save some time at the end for the question and answer session. So I thought I'd start off by talking a little bit about today's digital landscape.
IT security faces, you know, several significant challenges, most notably the cyber threat and attack, the sophistication and frequency of cyber threats and attacks that continue to increase malware, ransomware, phishing attacks, the data breaches, they all pose significant risk to any size of an organization. And attackers can exploit vulnerabilities in software network and influence human behavior to compromise systems and steal sensitive data.
The increase of, you know, the diversity of endpoint devices can also present a challenge for IT security teams where they need to implement comprehensive endpoint protection strategies to include a range of devices, operating systems and other form factors. And the software supply chain also faces several challenges, the, the presence of vulnerability and software components. Many software development projects rely on third party libraries frameworks and open source type of components.
And then you want to, you know, ensure the integrity and authenticity of software throughout the supply chain. And you, another challenge could be a lack of transparency in the software supply chain, which could impede security efforts. So that trend of working from anywhere has also significantly increased over the years. And the attitudes of being able to, you know, work from anywhere is increased. So that that's another consideration. And it also presents challenges and it's expected that this trend will continue to evolve and shape the future of work.
So with that, let's stop here and take a minute to take our first poll. You should see the questions on the screen so that the question of what IT security solutions are in your organization. I list several here, asset management, endpoint management, risk management, vulnerability management. It could be all or it could be a subset of those. So let's go ahead and do that.
Okay, so let's continue on with the presentation. Okay, so I thought we could start off by understanding how we got here and where we are today. It didn't seem that long ago when, you know, there was a work environment that consisted of mostly desktop computers at the moment. Traditional client management tools were used for desktop computers and relied on manual updates, software and patches that were layered on top of each other.
Later we had the gold images of desktop operating systems that were used to provide a good known state of operating systems, but still required patches on a routine schedule, which would come later known as Patch Tuesday. And then as mobile phones became economically available, laptops and tablets, and there we go, stationary computers, the business could control the employee's device regarding its operating system and software applications that were used as well as security controls when the device was within the perimeter of the organization.
And that mobile device management, or MDM, provided the tools to control the device functionality and help manage the lifecycle of these mobile devices and their platforms. And then there was the enterprise mobility management solutions that added, you know, mobile information as well as application and content management and that ability to push software updates and patches to devices. And that has become what is known today as modern endpoint management, and the range of devices and their types have expanded past laptops, tablets, et cetera.
And now they even include, you know, printers, IOT devices, wearables like Apple Watch, and even some newer types of endpoints that support, you know, virtual, augmented or mixed reality type environments using headsets like Oculus or HoloLens. And then, you know, businesses that were seeking to improve productivity and efficiency while, you know, employees wanted to work from anywhere, from any time that became prevalent.
As well as a continued push to the cloud environments and the convergence of OT and IT networks systems and sharing data industrial IOT devices would collect, allowing both businesses and operations to utilize the benefit from information sharing as well as an increase in the use of AI and machine learning analytics, orchestration automation, all those things. So in a nutshell, UEM is continuing to evolve to meet that growing list of IT requirements and some key evaluation criteria for endpoint management solutions.
Of course, you know, device management, managing the various endpoint types, its lifecycle onboarding, provisioning, decommissioning, being able to troubleshoot or wipe or you know, inventory of the device. Application management. This is the category that focuses on that ability to control and apply policies to applications in regards to the endpoint devices. Configuration management in the context of IT security refers to that process of managing and controlling the, the configurations of the endpoints.
And this helps to assure that they align with the organization's security policies and standard. And then there's patch management, which focuses on the ability to distribute and apply endpoint devices, system patches for operating systems applications and in various vendors, whether the patch is deployed on a schedule or whether it's a critical emergency patch that has to be distributed rapidly when necessary. Endpoint security, this is where wide range of endpoint security needs to be considered.
Some things are like analyzing the information or being able to detect, detect and prevent the execution of malicious code, prevent data loss and lost productivity on the user's side device, for example. And then there's endpoint monitoring, which provides capabilities to track endpoint activity, detect anomalies and generate reports and security events. And this helps with responding to security incidents in a timely manner.
And endpoint intelligence, we touched on that earlier, analytics, artificial intelligence, the these type of capabilities help provide insights in different aspects of the UEM domain as well as the ability to automate, assist or take action to remediate endpoint related issues. And then finally, you wanna have that ability to have a centralized endpoint visibility where you consolidate the views and the management of the endpoints regardless of where that solution is deployed.
And this often often has, you know, a single pane view with dashboards and provides visibility of device inventories through state threats, policy management, licensing and reporting it, these kind of things. So these are the main types of functionality to consider when looking at UEM solution and then endpoint protection. So endpoint protection has been around for quite a while, which KuppingerCole calls Endpoint protection, detection and response. And it's a combination of endpoint protection and endpoint detection and response.
So you could think of endpoint protection as a kind of next generation antivirus plus a lot of other sort of secondary tools that go along are here to help prevent infections from happening in the first place. And then try to prevent the execution of any kind of malicious code. And secondary capabilities are things like managing endpoints, firewalls, URL filtering, keeping users from going to unknown malicious URLs. On the EDR side, this is more looking at signs of attack after they have been happened, indicators of compromise, integrating with cyber threat intelligence type of solutions.
And then providing a means for security teams to do investigation and forensic analysis. Let's see, so UEM and EDPR. So these are both related to protecting and securing endpoints in the IT environment.
While, while there is some overlap between these areas, there's also different focuses and objectives for each. So in the asset management considerations, it's, it's not a primary capability of either UEM or EDPR. UEM solution often includes asset management capability as part of the broader device management functionality, where EDPR solutions may provide visibility into endpoints and their activities. They generally do not offer comprehensive asset management functionality. And then there's endpoint protection where both UEM and EDPR contribute to the endpoint protection.
UEM typically includes features like device encryption, endpoint firewalls, patch management, secure endpoints, where EDPR on the other hand focuses on detecting and responding to advanced threats and attacks, leveraging techniques like behavioral analysis and threat hunting, and then security detection and response. They both involve detecting and responding to security threats.
UEM solutions often incorporate basic antivirus and malware protection to identify and mitigate attacks where EDPR solutions specialize in detecting advanced threats, including zero day exploits, malicious behavior that may go unnoticed in traditional security measures. And then there's data protection where they both play a role in protecting sensitive data where UEM may utilize data encryption capabilities and control access to corporate data on devices.
And then, you know, being able to remote wipe or containerize that data where EDPR solutions monitor endpoints activities to identify data breaches or unauthorized data transfers or suspicious data access patterns, for example. And then there's asset visibility is important IT security capability, for example, IT asset management or ITAM, and then there's software bill of materials, which is SBOM. Each discipline replies, or excuse me, relies on asset visibility to effectively carry out its objective.
So for ITAM that centers on managing and optimizing asset through their life cycle, giving it visibility, being able to discover assets and cataloging them and tracking their locations and configurations. And then there's SBOMs, you know, they provide visibility into software components used in the system, including third party libraries, open source dependencies, associated versions of those software components.
And visibility is crucial for understanding that software supply chain and identifying potential vulnerabilities and security risks associated with the software components and compliance.
Both ITAM and SBOM have a role in ensuring governance and compliance for a would help track and manage software licenses and ensure compliance with the software usage term or licensing agreements and SBOM assist in you the compliance of security guidelines and regulations by providing visibility into third party software components and identifying vulnerabilities. Risk management, well they both aim to mitigate risk within the technology domain.
So ITAM involves managing and securing technology assets to minimize risk and SBOMs help mitigate supply chain risk by providing visibility into software components and their dependencies. And then lifecycle management and enhancing security are a couple of other examples where ITAM and SBOM intersect in some respects. So risk and vulnerability, how do they relate?
Well, they also have some common goals. So risk assessment, identifying and understanding those potential risk and vulnerability within an IT infrastructure prioritization and risk breaking is a capability to prioritize vulnerabilities based on their severity potential impact on an organization. This includes, you know, considering factors such as the availability of exploits and their affected systems. And you know, the potential business impact is some examples and mitigation and remediation.
So, you know, risk management solutions aim at to implement controls and countermeasures to reduce or eliminate risk while vulnerability management focuses on remediation activities to address specific vulnerabilities. And then the last thing I wanted to cover, or at least surface so that you understand that IT security data can reside in various locations depending on the specific context and purpose. Some common places where IT data may reside is in asset management systems. Vulnerability data is often shared with specific IT assets such as server network devices and applications.
Risk management management systems or organizations may dedicate risk risk management systems or platforms to track and manage IT security risk. And they store risk assessments and risk registers and risk profiles and other relevant information vulnerability management, you know, they have scanners that identify and track vulnerabilities to present, you know, what, what's in that organization. And these tools maintain a database of vulnerabilities and their severity ratings and remediation activities platform. So security information and event management type systems.
They collect and store security related data from various sources within our organization. And this could include, you know, logs from devices or applications and network systems and providing that centralized storage and analysis capabilities. So it's important to note, you know, that specific storage locations may vary depending on organization infrastructure, security, architecture and regulatory requirements. So I will stop there and we'll take our last part of the, the last poll for the webinar and we should be able to see this on the screen. So let's take that poll.
All right, so I think that we will stop there and I'll turn over the presentation to Bryant and Zach.
So Richard, thank you very much and for all of you out there, hello, I'm, I'm Bryant Bell, I'm the director of product marketing at Tanium. And also joining me today is Zach Warren, who is our chief security advisor, who's based in Hamburg, Germany. So I'm in the US, he's in Germany.
We're, we're definitely covering at at least the Americas and a good chunk of EMEA today for you. So Richard covered some really important topics for you.
He, he went through endpoint management, endpoint protection, and also asset management, bringing up, you know, topics such as SBOM or your supply chain vulnerabilities in there. And overall he, you know, really gave you some, you know, really solid points to really think about, you know, how are you managing your overall risk and vulnerabilities.
And he also in there also highlighted, you know, at the beginning of his presentation, really what are the challenges that we have that we all face now in, in our modern world, what are those IT challenges, those security challenges that, that we all face. So taking all this into account what, what Richard covered for us, Zach and I are going to look at, you know, really what are those changes to our IT security landscape, but more importantly, given those changes, how are our organizations and, and our enterprises, how are we changing, how are we evolving to address these?
And so let's get into our presentation a little bit. You know, Richard talked about being able to to, you know, really manage and identify the vulnerabilities, but you know, how many vulnerabilities are there actually really that we have to manage?
You know, last year alone there was over 25,000 new CVEs and you know, that's, that's quite a bit. So, you know, you're looking at, you're looking at over, over 2000 new vulnerabilities a month. And this year so far we are on track to either meet that or exceed that in, in 2023. And that's quite a bit. And you know, if you, if you look at, you know, what you have to do in your, in your companies to just identify those and remediate those, you know, you're looking at 2000 a month, that's a, that's a lot. How do you do that?
You know, how do you identify those? How do you prioritize those? How do you work with your other departments to remediate and then report on those?
And it's, you know, it's, it's a challenge and I'm sure that you can all relate to that, that it's, it's, it's hard and it's, it's work that needs to be done otherwise, you know, there can be some real damages done to, to your organization. So looking at what our typical vulnerability remediation processes and procedures are, you can really break them into two areas. So there's the vulnerability identification and prioritization process, and then there's the remediation process.
And if you look at this, we sort of laid this out in finding that, you know, this is a typical processes and procedures that a lot of organizations follow. And sad to say some of these procedures were laid down 10, maybe even 15 years ago and haven't really evolved since then, haven't really adapted to the challenges that, that we have to face now.
So we look at that, if I, if I go to the top and I go from left to right, the first thing that we really can identify here is that when you go to scan and discover and you know, try to find those vulnerabilities and, and even in Richard's polls, most organizations have multiple disparate tools to do this. And when you run those multiple disparate tools, you know, are you really that efficient? How are you getting all the information? How do you compile all that information?
You know, how long does that take? And then what are you missing also when you run all these tools as well. Moving over there, you have to alert your, your SOC and NOC departments too, cuz typically these are running across the network and they're running from, you know, a centralized server or a couple centralized server going across your whole network. And you know, if you don't alert NOC or, or SOC, then they might stop the process because they think it's an intrusion.
So, you know, you really need to look at that. And then if you wanna look and, and try to find all your assets as well, you know, you're gonna be running multiple disparate tools and sometimes this can take two to three weeks to complete, just identify where, where all your assets are. And the next thing that I really wanna highlight is, you know, there's some boxes here where you see down at the bottom of it says Excel. Believe it or not, a lot of companies out there are still managing things manually.
They dump it down into an Excel sheet, they manipulate it there, they push out, you know, different reports and distribute those. And just to get that information into an Excel sheet takes a day or two, and then you're transferring over to, you know, from your security team over to your ops team and they, they wanna look at it and then they're gonna verify it with another tool and then they're gonna take all those vulnerabilities and we're gonna move down to the remediation process here. And they're doing prioritization again, probably in a, in a manual way.
And then you're gonna go back to multiple endpoints here. And so you can see that there's sort of a theme here. There's multiple disparate tools, there's coordination between different, different departments. Usually they're, you know, looking at data from different tools, so they may disagree and so that they have to validate all of this and then, and then go out and, and try to fix it. And what we've identified here is really that this process go back up, this process, this total time takes, you know, anywhere from six or, or even more weeks to go through.
And if you're looking at, you know, close to 2000 vulnerabilities a month, being able to identify and remediate these in taking six weeks or 30 days, you know, might not be acceptable. So, so what do you do?
But, but Zach, is this something that, that you see as is fairly typical out there when you're talking to customers?
Yeah, so there's, there's two things that I think that are really interesting about laying it out in a flow chart like this. And that's, that it really, really highlights all the different steps that do take place in this process.
And I think a lot of times, you know, I talk to a lot of organizations that aren't doing that level of measurement and understanding exactly what their processes are today and really writing 'em out and drawing them out and looking at that, you know, almost playbook and trying to look for ways to automate, to scale it, to do all of these things. And so when you start you putting it out in a flow chart like this, it really helps to visualize that.
So that's kind of the first, you know, thought that comes to mind is I, I like to see organizations do a little bit more of this type of, of homework on top of that, you know, I try to remind clients that it's, it's not your fault, right? These, these processes have been in place for years and years and as we join new organizations, we have to kind of take on these new processes that are then laid out for us by the organization. And so I challenge organizations all the time and individuals to go back and say, Hey, is this really the best way to do this?
You know, based on the technology we have in place, based on the knowledge we have and the people we have, what's the best process to do that? How can we automate it as much as possible and how can we scale? And the other bit of feedback I constantly get is, well, Zach, you don't understand my environment is just so complex, right?
I do understand we rolled out and understood this type of program, this type of, you know, understanding what your vulnerabilities are and the remediating those within large government agencies and with branches of the military that have extremely complex environments. And we were able to get this time down quite dramatically. I even have clients and organizations that I've supported that are on a constant patch, right? So anytime a CVE comes in, and of course they prioritize these things because if there's 2000 of them in a month, you can't just go kill 'em all, right?
So you've got to prioritize 'em, what makes sense for your business, what's gonna impact you, what's the impact of that CVE? And then once those are prioritized, they get rolled out and patched immediately. So it can be done, right, it can be done to improve this.
Great. Thanks Zach. And you know, and, and you know, we're gonna take a step back before we, before we go and show you some of the ways that we can really improve this process for you and, and give you some, some tips and insights.
But I really wanted to cover, you know, the one thing, you know, there was some constants there, which, which was the, the disparate point solutions and, and actual and some manual processes as well. And really wanted to bring up the fact that, you know, point solutions are not working. And this is really when you have these multiple disparate systems out there, you have also multiple disparate agents out on your, out on your network. What what has been found is that 94% of enterprises are missing up to 20% of the endpoints. So 20% of those areas where vulnerabilities could come in.
And, and what do I mean by that is that if you don't know where those endpoints are, if you're missing those endpoints, those are potentially unknown assets. And about 69% of the organizations have experienced breaches through unknown assets. So these disparate point solutions are, are really not catching all of that. And then if you put on top of that, you know, we, we talked about, you know, 2000 CVEs being found every, every month. The other thing too is that according to Cybersecurity Ventures, there's about, you know, one ransomware attack occurs every 11 seconds.
So really being able to protect yourself, be able to monitor your, your systems, the point solutions just, just aren't working. And, and this is compounding the, the problem and so much so that it's, it's a national and and federal issue that is, you know, we're seeing regulations and mandates being pushed down from, you know, here in the United States, you know, from the White House, we have an executive order on improving our cybersecurity.
And, and CISA has new, new directives as well to help improve the visibility and, and, and vulnerability detection, especially on federal networks. And I know in the, in the EU there's also the NIS Directive and also the Cybersecurity Act that are looking at, at really, you know, improving and, you know, fighting against cyber fraud and, and, and cyber attacks in the EU.
So, you know, we have to act against this. The point solutions aren't, aren't working well. And as Zach says, you know, some of these things, you know, really isn't, you know, our problem we're sometimes if you look at it, we're, we're, we're just victims of, of tradition. But you know, the cyber criminals are breaking tradition all the time.
And, and you know what, put another point on this, it's, it's also costing our companies a lot of money every year. You know, I popped up, so a couple headlines here, and, but really when you look at this down in the bottom left hand corner here, you know, according to IBM, the average cost of a data breach last year was 4.35 million. And that cost is, you know, some of it relates to your employee costs and, and you know, what it costs to, to move resources, to try to fix a, to try to fix a breach, the downtime it causes your company, there is also costs associated with data that gets lost.
And then there's also costs associated with loss of reputation as well. So these costs are real and you know, you can, you can read through this and, and look at it and it's just, it's, it's staggering. So something does really have to change and you know, as Zach says, it's, it's possible we see that, that companies are adapting and they are working to, to make these changes. So let's go back to our, our flow chart that we talked about before.
So if you look at this and you look at the disparate tools that are over there on the left hand side, you know, wouldn't it be nice if, if those, you could automate those. And so for scan, discover, and label, you know, automate, automate that, automate the discovery and integrate it with your asset management tools. And then for your vulnerable vulnerability scanner agents, you know, help, you know, there is self-healing and continuous validation on that.
And if you have that, if it's running all the time, especially if we can run this locally on the endpoint, so really true endpoint protection, then you know, that whole process of notifying SOC and NOC kind of goes away because they know that it's there and they know that it's running on the, on the local agent. And now you can scan daily and that scan can take, you know, 25 minutes or less. So you're reducing the time already by using automation, using more advanced tools, reducing the amount of tools that you're using as well.
You know, one of the things that you gotta think about is that with multiple disparate tools, you have multiple disparate agents, each agent takes up CPU. And so if you can reduce that, you're also gonna speed up your overall network performance as well. So let's talk about getting rid of some of these manual processes as well. And this is really pointing to looking at an overall platform approach to your vulnerability management and remediation.
And what we're really talking about here, if you look at this top line is that, you know, to automate, you're gonna be using tools that are integrated into that platform to have the self-healing and continuous validation. And they're running, they're gonna be, you know, on, on that platform and be able to report across that platform. Not only that, but they're gonna also be able to take that information and then correlate it with CVEs. And if the patch is already known and cataloged on that platform, they're gonna be able to to, to deploy those patches automatically.
And one of the most important things, and one of the things we hear about from our customers is that, you know, if the security team's using one set of data and your ops team is using another set of data, then you're spending time in cycles trying to get to, you know, what's that single source of truth.
If both of those teams are using the same platform and they have the ability to set up the parameters together and really look at the same data at the same time, you're also gonna be reducing time just in that coordination, but you're also gonna have greater cooperation because you're working off of the same data. So these are some of the, some of the advantages of, of having a platform approach up at, at the top here for your vulnerability identification and prioritization process. Now when it comes down to remediation, let's get rid of some more of those, those manual processes.
Let's reduce all those multiple agents and have a single agent that does, you know, the monitoring that can help deploy, that can look at the compliance of, of devices and applications that are, that are out on your endpoints. You can also start automating the patches not only of applications but also OS and third party software as well, being able to look inside those packages that, that are in your software applications.
So looking at your, your software supply chain vulnerabilities, being able to look inside that as well and being able to remediate and then being able to, you know, scan these faster and then also have integrations with, with your SIEMs as well. And so if you look at this, we can really reduce that, that overall time and streamline this for you. So you can do scan, scanned, discover, and label, and you can see across this that we've taken it down from really from six plus weeks down to down to three weeks.
And what you're gaining here is you are using the modern tools and you're using tools that can help redefine those processes and procedures that you have in place and give you a platform that can be used across multiple departments so that you have greater cooperation and greater operational efficiencies as well. So here, you know, we've added in automation, actual visibility and, and prioritizing those CVEs high efficiency accelerated workflows and reduced operational impact.
And this is really significant for a lot of our customers that have started to adopt this, but also changing those procedures with inside their organization is, you know, not only is it saving them time, it's protecting their organization in a much better way. Zach, can you add a little bit on this, on what you've seen from some of our customers?
Yeah, absolutely. So, you know, one of the things that I get a lot of feedback on is I have this conversation with, so I coach mostly CISOs also work very closely with CIOs. And as I start to showcase to them how they can help their teams by enabling them to streamline processes like this, they start to see the green and blue dollars as we refer to them, that they start to win back, they start to win back hours of their employees' time.
And if you go and you have conversations with these organizations, not only is leadership happy about that because these FTEs are now able to focus on true breaches or do research for the organization or actually do what they were hired to do instead of focusing on vulnerability searching and scanning and patching and things like that, but actually work on incidents. And then on top of that, you've got a, a savings and a better flow of time for the organization and you know that you're in a better position and you've improved your overall, you know, cyber readiness.
And so a lot of organizations get really excited about starting to streamline this for those two facts. And if you think about, you know, your time and I think back at my time of being a security analyst, also working as a security engineer and some of these large organizations and government organizations, you know, if we would've had better processes back then, I would've spent more time doing the things that I actually signed up to do and enjoyed doing. And so you see, you kind of see that improvement of the overall kind of experience for the employee as well.
So there's a lot to be won in looking at the processes that you have in place and trying to find ways to improve them through this type of automation and scalability.
Right. Great. Thanks Zach. Yep. And you know, on our next slide, you know, we are Tanium and I just wanna really introduce, you know, we talked about the platform and the advantages of the platform, and Tanium has our XEM platform, which is what we call our converged endpoint management platform.
And you know, we talked about the automation, we talked about a single platform, a single source of truth for your different departments, and also the ability to provide vulnerability management, risk management and compliance.
And with our converged endpoint platform, we provide all of this for our customers from endpoint management to risk and compliance to incident response, but also improving the digital employee experience as well, which is, I'd have to say, you know, as we move forward, a future thing to, you know, really help with inside your organization is improving that digital employee experience and having the tools of which you can do that efficiently and meaningfully to, to your employees and also to your partners as well.
So this is what Tanium offers and if you want to give it a try out, I'm gonna put this next slide here. We have a, a little QR code that you can actually scan, you can pull out your, your phones and scan that. It'll take you right to the page and the code does work. I tried it yesterday afternoon just to make sure, but what we found is that customers using this free tool, some of them have found that just with this free assessment they've found, oh wow, you know, I have, I have assets and endpoints out there.
I had no idea that I had, and then, and I have some CIS connections that have, that have failed that I've, I've been able to find those. And you know, I've also been able to see, you know, there's some CVEs out there that wow, didn't, didn't know existed. So feel free, this is, you can, you can do this, run it free and really start addressing some of the things that, that we covered in terms of automation and greater visibility. But also you can look at some of the things that Richard brought up as well by doing this, by doing this risk assessment.
So with that just gonna conclude here on, on our presentations and you know, in summary, you know, it is vital to, to review your existing vulnerability management processes and tooling. You know, sometimes we're victim of, of tradition, you know, this is the way we've always done it type thing. But we always have to question, you know, are they working, are they efficient? Are they providing the protection and the efficacy that is demanded today?
You know, I guarantee the people that are out there taking advantage of, of exploits and, and vulnerabilities, you know, they're not sticking to tradition. They're finding new things and new ways to attack you and to get your vulnerable data and, and to inject malware into, into your systems.
So, you know, they're not, they're not resting on, on their laurels and neither should we, we should always be looking at how do we evolve to address the, the environment that we have to protect against. Also, you know, look at how you can minimize those processes, look at how you can collaborate with the other departments that are, that are critical to, to improve your efficiencies and also to read off of the same book, you know, really have that single source of truth.
And then once again, take that complimentary Tanium risk assessment to understand your current, to current, your current posture. So with that, I'd like to, you know, bring a close and, and finish our webinar today. So thank you very much, thank you for taking time out of your day to, to listen to us and we hope that we are able to provide you some insights and some ideas on how you can improve not only your processes, but look at ways that you can also improve your risk posture out there as well. So with that, thank you very much.
Thanks a lot, Brian. Thank you Brian.
Zach, I think we will show what the poll results are first and then we'll go on to the question and answer. So the first question, what IT security solutions are in your organization? It looks like there's a little bit of all. Brian or Zach, does this surprise you or what's your impression?
No, it doesn't surprise me one bit. There are so many security tools out there in every organization. The question that I would ask in addition to that is how integrated are these and, and, and how are they utilizing the data?
But no, that, that should, that looks just about right.
Well, I think we'll just move straight on to the question and answer session here. So the first question that, that comes up, how can system and organization controls or SOC report help manage the software supply chain or third party risk? How should organizations deal with the third party security risk?
You want me to take that one on?
Yeah, I was gonna say, do you want that one Ben and I'll back you up. Sure.
So, you know, this is something that's increasingly difficult. I mean, we, you know, one of the incidents that happened a couple of years ago that really highlighted this was SolarWinds. And you know, with that there was a, you know, a vulnerability that was basically put in place inside a packet that was then distributed as an update for SolarWinds to, you know, thousands of customers.
So, you know, the, the bad actors out there are, you know, they're thinking of new ways of, you know, how can I get into an organization? And they know that, you know, through open source and third party solutions, that there's ways that they can put their, their malware inside there, you're not gonna know it exists.
And, and then it gets distributed and it's sort of hidden in these packets that a lot of traditional, you know, vulnerability management and, and, and scanning tools don't, don't pick up because they're looking at the, the package on its whole, on its whole. So, you know, really to address this, there's, there's two things.
One is that when vendors are actually developing and, and using tools like this, it's, it's, you know, part of their responsibility is to, is to really look at their software bill of materials and make sure that there aren't any vulnerabilities in there before they distribute it. And this, you know, they really need to look at, you know, what, what open source do I have in there? Have I validated it?
Is it, is it, is it okay to push out? Is it safe? But they miss things as well. So it really becomes important, especially for organizations to be able to look inside the packets, especially at runtime of the, of the applications that they have running to make sure that hey, you know, inside this library there's a Log4j vulnerability and I now have ability to identify it and then I can remediate it, which means if you have a patch, patch it as soon as you can. If you don't, you can remediate by taking it down, stopping it that way.
But it really is, you know, you need to have trust in those third party applications, but you also need to protect yourself as well by having a tool such as, you know, Tanium provides you with the ability to identify those packets and then also, you know, identify the CVEs and do automatic remediation against those as well.
Okay, thank you. The next question is, how do you shift from risk ID to remediation? I don't know if that's specific to your platform or could you speak to that?
Well, it's, for me it's all about prioritization, right? So if you're gonna under, you need to understand what your risk is or how certain CVEs would affect your environment, I think this is the direction that the question was going. But if you, if you just look at, you know, 2000 CVEs on a monthly basis and try to go and handle those, you're gonna be overloaded, right? Especially with the poor process that we just highlighted.
But if you understand exactly when you, when a CVE does pop up, what it actually affects, what applications are affected by it, and then if you're able to then locate that and then remediate it, right? So it's a, it's a whole process of understanding, you know, where you are, what your valuable, you know, assets are, and then where these vulnerabilities then live in your environment.
But yeah, it's you, you have to know that risk. You have to understand what the risk is to your, to your environment, to your business.
Okay, we have a couple more questions. The next question is, how can we get SecOps and IT ops to look at the same data?
Well, I'll, I'll jump in on that one. Brian, go ahead. That sounds like a softball question to me. Unless it's Tanium employee asking questions, that's what Tanium is built on. That's the reason that Tanium exists, is to give organizations the same set of data so that they could be making conversation and, and having basically the same language across the board. I talk about improving teams all the time, and one of my biggest pet peeves are silos and organizations where I say, I'm in security operations, this is my tool, don't touch it. And I don't want anything to do with your tool, right?
That's a poor way to run an IT organization today because security is built in or should be built in to everything. And so the best way to get security operations and IT operations to be utilizing the same data is to give them the same equipment, right? Give them the same technology to be working with so that they have the same, you know, system of record.
You know, if that's Microsoft in some organizations, if that's using a SIEM like, like a Splunk or Sentinel or something like that in other organizations or, you know, as we would like to see it utilizing Tanium, because Tanium can give you that visibility and both teams can then work from that, that data because the software, you know, is fi there's vulnerabilities found in software and the security team then raises their hand and says, Hey, I need these things patched.
IT operations on the other hand says, I see that in the system and I can go ahead and, you know, accept that or push that patch. And so it's, it's really the best way to kind of tear down those silos is to give them the same platform to be working from and Tanium is the best at doing that. So
Yeah. The last question. How are CVEs automatically prioritized? I think you may have touched on that a little bit during your presentation, but
You wanna interrupt that Brent or you want me to hit?
Yeah, so especially when you set up your vulnerability management on a, on a platform such as Tanium, you can set up a little bit of your risk profile, some of the things that you're looking for, and then when CVEs are, are found, they can be automatically prioritized based on what's most important to your organization. So, you know, you set this up once in a, in a platform and then when those CVEs are identified, then they're gonna be prioritized.
You're also on a platform can be alerted to, okay, here's one that, that you've identified that is, you know, that you know has a high potential of, of danger, right? So that can go right up the top and can be, and you can be alerted on that one as well. One of the things Tanium has done in one of our recent releases as well is we've also integrated into that prioritization process what's called CISA KEV, or CISA publishes what are, are known, what's called their, their known exploitable vulnerabilities or the most dangerous of the dangerous.
And so that's now part of our, our prioritization process as well for your CVE. So if a CVE is identified that matches up with a CISA KEV and it goes right to the top and you get alerted to it. And it also comes in with some of those CISA KEV vulnerabilities, you know, in the US if you're regulated, have a certain timeframe in which you need to fix it. And that's also pushed up to the top as well. But it really is based on, you know, what is, what is your risk tolerance, setting up what's important to your organization and what you need to know about.
So you know, a manufacturer's probably gonna have a different profile than a healthcare provider and they're gonna be looking at different things and different things are gonna be more important to them, but you can set that up in a platform such as Tanium.
Okay. Brian and Zach, thank you for your time. We came up to the end of the webinar and I'd also like to thank the audience for attending.
Again, the video and presentation will be available on the KuppingerCole website. Thank you.
Thank you very much. Great. Thank you. Bye.