Hello, I'm Richard Hill, Lead Analyst at KuppingerCole, and today we're having a webinar about Achieving Effective Risk and Vulnerability Management With a Platform Approach. This webinar is supported by Tanium. And joining me today is Bryant Bell, Director of Product Marketing for Risk and Compliance at Tanium, and Zac Warren, Tanium's Chief Security Advisor. And before we start, I'll give you some housekeeping notes. So everyone is automatically muted, so there's no need to worry about muting yourself.
And we'll be running some polls during the webinar, which we will be sharing the results during that in real time. And we'll also be recording the webinar, and both the recording and slides will be available on the KuppingerCole website. In addition, we'll save some time at the end for the question and answers. And we'll provide those towards the end of the webinar. So let's take a look at the agenda.
With that, I'll start out by talking about the value of asset and endpoint management, and also how understanding the context of what you have helps to surface those software and endpoint vulnerabilities and compliance risks within your organization. And then I'll turn over the webinar to Bryant and Zac, who will give an outline of Tanium's platform approach to identifying, prioritizing and remediating vulnerabilities, gaining visibility and reducing risk. And then finally, as I mentioned, we'll save some time at the end for the question and answer session.
So I thought I'd start off by talking a little bit about today's digital landscape. IT security faces several significant challenges, most notably the sophistication and frequency of cyber threats and attacks, which continue to increase.
Malware, ransomware, phishing attacks, data breaches, they all pose significant risk to organizations of any size. And attackers can exploit vulnerabilities in software and networks, and influence human behavior, to compromise systems and steal sensitive data. The increasing diversity of endpoint devices can also present a challenge for IT security teams, where they need to implement comprehensive endpoint protection strategies that include a range of devices, operating systems, and other form factors. And the software supply chain also faces several challenges.
The presence of vulnerabilities in software components. Many software development projects rely on third-party libraries, frameworks, and open source type of components. And then you want to ensure the integrity and authenticity of software throughout the supply chain. And another challenge could be a lack of transparency in the software supply chain, which could impede security efforts. So that trend of working from anywhere has also significantly increased over the years. And the acceptance of being able to, you know, work from anywhere has increased. So that's another consideration.
And it also presents challenges. And it's expected that this trend will continue to evolve and shape the future of work. So with that, let's stop here and take a minute to take our first poll. You should see the questions on the screen. So the question, what IT security solutions are in your organization? I list several here. Asset management, endpoint management, risk management, vulnerability management. It could be all or it could be a subset of those. So let's go ahead and do that. Okay. So let's continue on with the presentation.
So I thought we could start off by understanding how we got here and where we are today. It didn't seem that long ago when, you know, there was a work environment that consisted of mostly desktop computers. Just a moment. Traditional client management tools were used for desktop computers and relied on manual updates and software and patches that were layered on top of each other.
Later, we had the gold images of desktop operating systems that were used to provide a known good state of operating systems, but still required patches on a routine schedule, which would later come to be known as Patch Tuesday. And then mobile phones became economically available, along with laptops and tablets. There we go. With stationary computers, the business could control the employee's device regarding its operating system and the software applications that were used, as well as security controls, when the device was within the perimeter of the organization.
And that mobile device management or MDM provided the tools to control the device functionality and help manage the life cycle of these mobile devices and the platforms. And then there was the enterprise mobility management solutions that added, you know, mobile information as well as application and content management and that ability to push software updates and patches to devices. And that has become what is known today as modern endpoint management. Then the range of devices and their types have expanded past laptops, tablets, etc.
And now they even include, you know, printers, IoT devices, wearables like Apple Watch and even some newer types of endpoints that support, you know, virtual augmented or mixed reality type environments using headsets like Oculus or HoloLens. And then, you know, businesses that were seeking to improve productivity and efficiency while, you know, employees wanted to work from anywhere from any time. That became prevalent as well as a continued push to cloud environments.
And the convergence of OT and IT network systems, sharing the data that industrial IoT devices would collect, allowing both business and operations to benefit from information sharing, as well as an increase in the use of AI and machine learning, analytics, orchestration, automation, all those things. So in a nutshell, UEM is continuing to evolve to meet that growing list of IT requirements. And some key evaluation criteria for endpoint management solutions.
Of course, device management, managing the various endpoint types and their lifecycle, onboarding, provisioning, decommissioning, being able to troubleshoot or wipe or, you know, inventory the device. Application management, this is the category that focuses on that ability to control and apply policies to applications on the endpoint devices. Configuration management in the context of IT security refers to that process of managing and controlling the configurations of the endpoints. And this helps to assure that they align with the organization's security policies and standards.
And then there's patch management, which focuses on the ability to distribute and apply endpoint device system patches for operating systems, applications, and various vendors, whether the patch is deployed on a schedule or whether it's a critical emergency patch that has to be distributed rapidly when necessary. Endpoint security, this is where a wide range of endpoint security needs to be considered. Some things are like analyzing the information or being able to detect and prevent the execution of malicious code, preventing data loss and lost productivity on the user's device, for example.
And then there's endpoint monitoring, which provides capabilities to track endpoint activity, detect anomalies, and generate reports on security events. And this helps with responding to security incidents in a timely manner. And endpoint intelligence, we touched on that earlier, analytics, artificial intelligence, these types of capabilities help provide insights into different aspects of the UEM domain, as well as the ability to automate, assist, or take action to remediate endpoint related issues.
And then finally, you want to have that ability to have centralized endpoint visibility, where you consolidate the views and the management of the endpoints, regardless of where that solution is deployed. And this often has, you know, a single pane view with dashboards and provides visibility of device inventories, their state, threats, policy management, licensing, and reporting, and these kinds of things. So these are the main types of functionality to consider when looking at a UEM solution. And then endpoint protection.
So endpoint protection has been around for quite a while, which KuppingerCole calls endpoint protection, detection and response, or EPDR. And it's a combination of endpoint protection and endpoint detection and response. So you could think of endpoint protection as a kind of next generation antivirus, plus a lot of other sort of secondary tools that go along here to help prevent infections from happening in the first place, and then try to prevent the execution of any kind of malicious code.
And secondary capabilities are things like managing endpoint firewalls, URL filtering, keeping users from going to known malicious URLs. On the EDR side, this is more looking at signs of attack after they have happened, indicators of compromise, integrating with cyber threat intelligence type of solutions, and then providing a means for security teams to do investigation and forensic analysis. Let's see. So UEM and EPDR. So these are both related to protecting and securing endpoints in the IT environment.
While there is some overlap between these areas, there are also different focuses and objectives for each. So in terms of asset management considerations, it's not a primary capability of either UEM or EPDR. UEM solutions often include asset management capability as part of the broader device management functionality, whereas EPDR solutions may provide visibility into endpoints and their activities, but they generally do not offer comprehensive asset management functionality. And then there's endpoint protection, where both UEM and EPDR contribute to the endpoint protection.
UEM typically includes features like device encryption, endpoint firewalls, and patch management to secure endpoints, where EPDR, on the other hand, focuses on detecting and responding to advanced threats and attacks, leveraging techniques like behavioral analysis and threat hunting. And then security detection and response. They both involve detecting and responding to security threats.
UEM solutions often incorporate basic antivirus and malware protection to identify and mitigate attacks, where EPDR solutions specialize in detecting advanced threats, including zero-day exploits and malicious behavior that may go unnoticed by traditional security measures. And then there's data protection, where they both play a role in protecting sensitive data, where UEM may utilize data encryption capabilities and control access to corporate data and devices.
And then, you know, being able to remote wipe or containerize that data, where EPDR solutions monitor endpoint activities to identify data breaches or unauthorized data transfers or suspicious data access patterns, for example. And then there's asset visibility, which is an important IT security capability. For example, IT asset management, or ITAM, and then there's the software bill of materials, which is SBOM. Each discipline relies on asset visibility to effectively carry out its objectives.
So for ITAM, that centers on managing and optimizing assets through their lifecycle, giving visibility, being able to discover assets, cataloging them, and tracking their locations and configurations. And then there's SBOMs, you know, they provide visibility into software components used in the system, including third-party libraries, open source dependencies, and the associated versions of those components. And visibility is crucial for understanding that software supply chain and identifying potential vulnerabilities and security risks associated with the software components.
And compliance, both ITAM and SBOM have a role in ensuring governance and compliance, where ITAM would help track and manage software licenses and ensure compliance with the software usage terms or licensing agreements. And SBOM assists in the compliance with security guidelines and regulations by providing visibility into third-party software components and identifying vulnerabilities. Risk management, well, they both aim to mitigate risks within the technology domain. So ITAM involves managing and securing technology assets to minimize risk.
And SBOMs help mitigate supply chain risk by providing visibility into software components and their dependencies. And then lifecycle management and enhancing security are a couple of other examples where ITAM and SBOM intersect in some respects.
So, risk and vulnerability, how do they relate? Well, they also have some common goals.
So, risk assessment, identifying and understanding those potential risks and vulnerabilities within an IT infrastructure. Prioritization and risk ranking is a capability to prioritize vulnerabilities based on their severity and potential impact on an organization. This includes, you know, considering factors such as the availability of exploits and the affected systems.
And, you know, the potential business impact, as some examples. And mitigation or remediation.
So, you know, risk management solutions aim to implement controls and countermeasures to reduce or eliminate risk, while vulnerability management focuses on remediation activities to address specific vulnerabilities. And then the last thing I wanted to cover, or at least surface so that you understand it, is that IT security data can reside in various locations depending on the specific context and purpose. Some common places where IT data may reside are in asset management systems. Vulnerability data is often associated with specific IT assets such as servers, network devices and applications.
Risk management systems. Organizations may have dedicated risk management systems or platforms to track and manage IT security risk. And they store risk assessments and risk registers, risk profiles and other relevant information. Vulnerability management, you know, they have scanners that identify and track vulnerabilities to present, you know, what's in that organization. These tools maintain a database of vulnerabilities and their severity ratings and remediation activities.
So, security information and event management type of systems, they collect and store security related data from various sources within an organization. And this could include, you know, logs from devices or applications, network systems, and providing that centralized storage and analysis capabilities.
So, it's important to note that specific storage locations may vary depending on the organization, its infrastructure, security architecture, and regulatory requirements. So, I will stop there and we'll take the last poll for the webinar. And you should be able to see this on the screen.
So, let's take that poll. All right.
So, I think that we will stop there and I'll turn over the presentation to Bryant and Zac.

So, Richard, thank you very much. And for all of you out there, hello. I'm Bryant Bell. I'm the Director of Product Marketing at Tanium. And also joining me today is Zac Warren, who is our Chief Security Advisor, who's based in Hamburg, Germany.
So, I'm in the U.S. He's in Germany. We're definitely covering at least the Americas and a good chunk of EMEA today for you.
So, Richard covered some really important topics for you. He went through endpoint management, endpoint protection, and also asset management, bringing up topics such as SBOM or your supply chain vulnerabilities in there. And overall, he really gave you some solid points to think about regarding how you are managing your overall risk and vulnerabilities. And he also highlighted, at the beginning of his presentation, what are the challenges that we all face now in our modern world? What are those IT challenges, those security challenges that we all face?
So, taking all this into account, what Richard covered for us, Zac and I are going to look at really what are those changes to our IT security landscape, but more importantly, given those changes, how are our organizations and our enterprises changing? How are we evolving to address these?
And so, let's get into our presentation a little bit. You know, Richard talked about being able to really manage and identify the vulnerabilities, but how many vulnerabilities are there actually that we have to manage? Last year alone, there were over 25,000 new CVEs. And that's quite a bit.
So, you know, you're looking at over 2,000 new vulnerabilities a month. And this year so far, we're on track to either meet that or exceed that in 2023. And that's quite a bit.
And, you know, if you look at, you know, what you have to do in your companies to just identify those and remediate those, you know, you're looking at 2,000 a month. That's a lot. How do you do that?
You know, how do you identify those? How do you prioritize those? How do you work with the other departments to remediate and then report on those?
And it's, you know, it's a challenge. And I'm sure that you can all relate to that, that it's hard. And it's work that needs to be done.
Otherwise, you know, there can be some real damage done to your organization. So, looking at what our typical vulnerability remediation processes and procedures are, you can really break them into two areas.
So, there's the vulnerability identification and prioritization process. And then there's the remediation process. And if you look at this, we sort of laid this out and found that, you know, these are typical processes and procedures that a lot of organizations follow. And sad to say, some of these procedures were laid down 10, maybe even 15 years ago, and haven't really evolved since then, haven't really adapted to the challenges that we have to face now.
So, if you look at that, if I go to the top and I go from left to right, the first thing that we really can identify here is that when you go to scan and discover and, you know, try to find those vulnerabilities, and even in Richard's polls, most organizations have multiple disparate tools to do this. And when you run those multiple disparate tools, you know, are you really that efficient? How are you getting all the information? How do you compile all that information?
You know, how long does that take? And then what are you missing?
Also, when you run all these tools, moving over there, you have to alert your SOC and NOC departments too. Because typically, these are running across the network. And they're running from, you know, a centralized server or a couple of centralized servers going across your whole network.
And, you know, if you don't alert NOC or SOC, then they might stop the process because they think it's an intrusion. So, you know, you really need to look at that. And then if you want to look and try to find all your assets as well, you know, you're going to be running multiple disparate tools. And sometimes this can take two to three weeks to complete just to identify where all your assets are. And the next thing that I really want to highlight is, you know, there's some boxes here where you see down at the bottom that says Excel.
Believe it or not, a lot of companies out there are still managing things manually. They dump it down into an Excel sheet. They manipulate it there. They push out, you know, different reports and distribute those. And just to get that information into an Excel sheet takes a day or two. And then you're transferring over to, you know, from your security team over to your ops team. And they want to look at it. And then they're going to verify it with another tool. And then they're going to take all those vulnerabilities. And we're going to move down to the remediation process here.
And they're doing prioritization, again, probably in a manual way. And then you're going to go back to multiple endpoints here. And so you can see that there's sort of a theme here. There are multiple disparate tools. There's coordination between different departments. Usually they're, you know, looking at data from different tools, so they may disagree. And so they have to validate all of this and then go out and try to fix it. And what we've identified here is really that this process, if I go back up, this process in total takes, you know, anywhere from six or even more weeks to go through.
And if you're looking at, you know, close to 2,000 vulnerabilities a month, taking six weeks, or even 30 days, to identify and remediate these, you know, might not be acceptable. So what do you do?
But Zac, is this something that you see is fairly typical out there when you're talking to customers?

Yeah. So there are two things that I think are really interesting about laying it out in a flow chart like this. And that's that it really highlights all the different steps that do take place in this process.
And I think a lot of times, you know, I talk to a lot of organizations that aren't doing that level of measurement and understanding exactly what their processes are today and really writing them out and drawing them out and looking at that, you know, almost playbook and trying to look for ways to automate, to scale it, to do all of these things. And so when you start putting it out in a flow chart like this, it really helps to visualize that. So that's kind of the first thought that comes to mind is I like to see organizations do a little bit more of this type of homework.
On top of that, you know, I try to remind clients that it's not your fault, right? These processes have been in place for years and years. And as we join new organizations, we have to kind of take on these new processes that are then laid out for us by the organization. And so I challenge organizations all the time and individuals to go back and say, hey, is this really the best way to do this?
You know, based on the technology we have in place, based on the knowledge we have and the people we have, what's the best process to do that? How can we automate it as much as possible? And how can we scale? And the other bit of feedback I constantly get is, well, Zac, you don't understand. My environment is just so complex, right? I do understand.
We rolled out and understood this type of program, this type of, you know, understanding what your vulnerabilities are and remediating those, within large government agencies and with branches of the military that have extremely complex environments. And we were able to get this time down quite dramatically. I even have clients and organizations that I've supported that are on a constant patch, right? So anytime a CVE comes in, and of course they prioritize these things, because if there are 2,000 of them in a month, you can't just go kill them all, right?
So you've got to prioritize what makes sense for your business, what's going to impact you, what's the impact of that CVE. And then once those are prioritized, they get rolled out and patched immediately. So it can be done, right? It can be done to improve this.

Great. Thanks, Zac. And, you know, we're going to take a step back before we go and show you some of the ways that we can really improve this process for you and give you some tips and insights. But I really wanted to cover, you know, the one thing: there were some constants there, which were the disparate point solutions and some manual processes as well. And I really want to bring up the fact that, you know, point solutions are not working. And this is really when you have these multiple disparate systems out there, you also have multiple disparate agents out on your network.
What has been found is that 94% of enterprises are missing up to 20% of their endpoints. So 20% of those areas where vulnerabilities could come in. And what do I mean by that? If you don't know where those endpoints are, if you're missing those endpoints, those are potentially unknown assets. And about 69% of organizations have experienced breaches through unknown assets. So these disparate point solutions are really not catching all of that. And then if you put on top of that, you know, we talked about, you know, 2,000 CVEs being found every month.
The other thing too, is that according to Cybersecurity Ventures, there's about, you know, one ransomware attack occurring every 11 seconds. So really, for being able to protect yourself and being able to monitor your systems, the point solutions just aren't working. And this is compounding the problem. And so much so that it's a national and federal issue, where, you know, we're seeing regulations and mandates being pushed down from, you know, here in the United States, you know, from the White House.
We have an executive order on improving our cybersecurity and CISA has new directives as well to help improve the visibility and vulnerability detection, especially on federal networks. And I know in the EU, there's also the NIS directive and also the Cybersecurity Act that are looking at really, you know, improving and, you know, fighting against cyber fraud and cyber attacks in the EU.
So, you know, we have to act against this. The point solutions aren't working well. And as Zac says, you know, some of these things, you know, it really isn't, you know, our problem where sometimes, if you look at it, we're just victims of tradition, but, you know, the cyber criminals are breaking tradition all the time.
And, you know, to put another point on this, it's also costing our companies a lot of money every year. You know, I popped up a couple of headlines here.
And, but really, when you look at this down in the bottom left-hand corner here, you know, according to IBM, the average cost of a data breach last year was $4.35 million. And that cost is, you know, some of it relates to your employee costs and, you know, what it costs to move resources to try to fix a breach, the downtime it causes your company. There is also costs associated with data that gets lost. And then there's also costs associated with loss of reputation as well.
So, these costs are real. And, you know, you can read through this and look at it, and it's just, it's staggering.
So, something does really have to change. And, you know, as Zac says, it's possible. We see that companies are adapting, and they are working to make these changes.
So, let's go back to our flowchart that we talked about before. So, if you look at this, and you look at the disparate tools that are over there on the left-hand side, you know, wouldn't it be nice if you could automate those?
And so, for scan, discover, and label, you know, automate that, automate the discovery, and integrate it with your asset management tools. And then for your vulnerability scanner agents, you know, there is self-healing and continuous validation on that. And if you have that, if it's running all the time, especially if we can run this locally on the endpoint, so really true endpoint protection, then, you know, that whole process of notifying SOC and NOC kind of goes away, because they know that it's there.
And so, because they know that it's there, and they know that it's running on the local agent, now you can scan daily, and that scan can take, you know, 25 minutes or less.
So, you're reducing the time already by using automation, using more advanced tools, reducing the amount of tools that you're using as well. You know, one of the things you get to think about is that with multiple disparate tools, you have multiple disparate agents. Each agent takes up CPU.
And so, if you can reduce that, you're also going to speed up your overall network performance as well. So, let's talk about getting rid of some of these manual processes as well. And this is really pointing to looking at an overall platform approach to your vulnerability management and remediation. And what we're really talking about here, if you look at this top line, is that, you know, to automate, you're going to be using tools that are integrated into that platform.
To have the self-healing continuous validation, they're running, they're going to be, you know, on that platform and be able to report across that platform. Not only that, but they're going to also be able to take that information and then correlate it with CVEs. And if the patch is already known and cataloged on that platform, they're going to be able to deploy those patches automatically.
And one of the most important things, and one of the things we hear about from our customers, is that, you know, if the security team's using one set of data and your ops team is using another set of data, then you're spending time and cycles trying to get to, you know, what's that single source of truth.
If both of those teams are using the same platform and they have the ability to set up the parameters together and really look at the same data at the same time, you're also going to be reducing time just in that coordination, but you're also going to have greater cooperation because you're working off of the same data. So these are some of the advantages of having a platform approach up at the top here for your vulnerability identification and prioritization process.
Now, when it comes down to remediation, let's get rid of some more of those manual processes. Let's reduce all those multiple agents and have a single agent that does, you know, the monitoring, that can help deploy, that can look at the compliance of devices and applications that are out on your endpoints. You can also start automating the patches, not only of applications, but also OS and third-party software as well.
Being able to look inside those packages that are in your software applications, so looking at your software supply chain vulnerabilities, being able to look inside that as well and being able to remediate. And then being able to, you know, scan these faster and then also have integrations with your SIEMs as well. And so if you look at this, we can really reduce that overall time and streamline this for you. So you can do a scan, discover and label, and you can see across this that we've taken it down from six-plus weeks to three weeks.
And what you're gaining here is using the modern tools and you're using tools that can help redefine those processes and procedures that you have in place and give you a platform that can be used across multiple departments so that you have greater cooperation and greater operational efficiencies as well. So here, you know, we've added in automation, actual visibility and prioritizing those CVEs, high efficiency, accelerated workflows, and reduced operational impact.
And this is really significant for a lot of our customers that have started to adopt this, but also changing those procedures within their organization is, you know, not only saving them time, it's protecting their organization in a much better way. Zac, can you add a little bit on this on what you've seen from some of our customers?
Yeah, absolutely. So, you know, one of the things that I get a lot of feedback on as I have this conversation is, so I coach mostly CISOs, and also work very closely with CIOs, and as I start to showcase to them how they can help their teams by enabling them to streamline processes like this, they start to see the green and blue dollars, as we refer to them, that they start to win back. They start to win back hours of their employees' time.
And if you go and you have conversations with these organizations, not only is leadership happy about that, because these FTEs are now able to focus on true breaches or do research for the organization or actually do what they were hired to do instead of focusing on vulnerability searching and scanning and patching and things like that, but actually work on incidents. And then on top of that, you've got a savings and a better flow of time for the organization. And you know that you're in a better position and you've improved your overall, you know, cyber readiness.
And so a lot of organizations get really excited about starting to streamline this for those two facts. And if you think about, you know, your time, and I think back at my time of being a security analyst, also working as a security engineer in some of these large organizations and government organizations, you know, if we would have had better processes back then, I would have spent more time doing the things that I actually signed up to do and enjoyed doing. And so you see, you kind of see that improvement of the overall kind of experience for the employee as well.
So there's a lot to be won in looking at the processes that you have in place and trying to find ways to improve them through this type of automation and scalability.

Great. Thanks Zac. And you know, on our next slide, you know, we are Tanium, and I just want to really introduce, you know, we talked about the platform and the advantages of the platform. And Tanium has our XEM platform, which is what we call our converged endpoint management platform.
And, you know, we talked about the automation, we talked about a single platform, a single source of truth for your different departments, and also the ability to provide vulnerability management, risk management, and compliance.
And with our converged endpoint platform, we provide all of this for our customers from endpoint management to risk and compliance to incident response, but also improving the digital employee experience as well, which is, I'd have to say, you know, as we move forward, a future thing to, you know, really help with inside your organization is improving that digital employee experience and having the tools in which you can do that efficiently and meaningfully to your employees and also to your partners as well. So this is what Tanium offers.
And if you want to give it a try out, I'm going to put this next slide here. We have a little QR code that you can actually scan. You can pull out your phones and scan that. It'll take you right to the page. And the code does work. I tried it yesterday afternoon just to make sure. But what we found is that customers using this free tool, some of them have found that just with this free assessment, they've found, oh, wow, you know, I have assets and endpoints out there I had no idea that I had. And I have some CIS connections that have failed. I've been able to find those.
And, you know, I've also been able to see, you know, there's some CVEs out there that, wow, didn't know existed. So feel free, this is, you can do this, run it free, and really start addressing some of the things that we covered in terms of automation and greater visibility, but also you can look at some of the things that Richard brought up as well by doing this risk assessment. So with that, I'm just going to conclude here on our presentations.
And, you know, in summary, you know, it is vital to review your existing vulnerability management processes and toolings. You know, sometimes we're a victim of tradition, you know, this is the way we've always done it type thing. But we always have to question, you know, are they working? Are they efficient? Are they providing the protection and the efficacy that is demanded today?
You know, I guarantee the people that are out there taking advantage of exploits and vulnerabilities, you know, they're not sticking to tradition, they're finding new things and new ways to attack you and to get your vulnerable data and to inject malware into your systems. So, you know, they're not resting on their laurels and neither should we. We should always be looking at how do we evolve to address the environment that we have to protect against.
Also, you know, look at how you can minimize those processes. Look at how you can collaborate with the other departments that are critical to improve your efficiencies. And also to read off of the same book, you know, really have that single source of truth. And then once again, take that complimentary Tanium risk assessment to understand your current posture.
So, with that, I'd like to, you know, bring to close and finish our webinar today. So, thank you very much. Thank you for taking time out of your day to listen to us. And we hope that we were able to provide you some insights and some ideas on how you can improve not only your processes, but look at ways that you can also improve your risk posture out there as well.
So, with that, thank you very much. Thanks a lot, Bryant.
Thank you, Bryant, Zac. I think we will show what the poll results are first. And then we'll go on to the question and answer.
So, the first question, what IT security solutions are in your organization? It looks like there's a little bit of all. Bryant or Zac, does this surprise you or what's your impression?
No, it doesn't surprise me one bit. There are so many security tools out there in every organization. The question that I would ask in addition to that is how integrated are these? And how are they utilizing the data?
But no, that looks just about right. Well, I think we'll just move straight on to the question and answer session here.
So, the first question that comes up, how can system and organization controls or SOC report help manage the software supply chain or third-party risk? How should organizations deal with a third-party security risk? Do you want me to take that one on?
Yeah, I was going to say, do you want that one, Bryant? And I'll back you up. Sure.
So, this is something that's increasingly difficult. I mean, one of the incidents that happened a couple of years ago that really highlighted this was SolarWinds. And with that, there was a vulnerability that was basically put in place inside a packet that was then distributed as an update for SolarWinds to thousands of customers.
So, the bad actors out there, they're thinking of new ways of how can I get into an organization? And they know that through open source and third-party solutions, there's ways that they can put their malware inside there. You're not going to know it exists. And then it gets distributed. And it's sort of hidden in these packets that a lot of traditional vulnerability management and scanning tools don't pick up because they're looking at the package as a whole.
So, really to address this, there's two things. One is that when vendors are actually developing and using tools like this, part of their responsibility is to really look at their software bill of materials and make sure that there aren't any vulnerabilities in there before they distribute it.
And this, they really need to look at what open source do I have in there? Have I validated it? Is it okay to push out? Is it safe? But they miss things as well.
So, it really becomes important, especially for organizations to be able to look inside the packets, especially at runtime of the applications that they have running to make sure that, hey, inside this library, there's a Log4j vulnerability. And I now have the ability to identify it. And then I can remediate it, which means if you have a patch, patch it as soon as you can. If you don't, you can remediate by taking it down, stopping it that way. But it really is, you know, you need to have trust in those third-party applications.
But you also need to protect yourself as well by having a tool such as, you know, Tanium provides you with the ability to identify those packets and then also, you know, identify the CVEs and do automatic remediation against those as well.

Hey, thank you. The next question is, how do you shift from risk ID to remediation? I don't know if that's specific to your platform or could you speak to that?
Well, for me, it's all about prioritization, right? So, you need to understand what your risk is or how certain CVEs would affect your environment. I think this is the direction that the question was going. But if you just look at, you know, 2000 CVEs on a monthly basis and try to go and handle those, you're going to be overloaded, right? Especially with the poor process that we just highlighted. But if you understand exactly when a CVE does pop up, what it actually affects, what applications are affected by it, and then if you're able to then locate that and then remediate it, right?
So, it's a whole process of understanding, you know, where you are, what your valuable, you know, assets are, and then where these vulnerabilities then live in your environment. But yeah, it's – you have to know that risk. You have to understand what the risk is to your environment, to your business.
Okay, we have a couple more questions. The next question is, how can we get SecOps and ITOps to look at the same data?
Well, I'll jump in on that one, Bryant. Go ahead. That sounds like a softball question to me, a Tanium employee asking questions. That's what Tanium is built on. That's the reason that Tanium exists, is to give organizations the same set of data so that they can be making conversation and having basically the same language across the board. I talk about improving teams all the time, and one of my biggest pet peeves is silos in organizations where I say, I'm in security operations, this is my tool, don't touch it, and I don't want anything to do with your tool, right?
That's a poor way to run an IT organization today because security is built in or should be built into everything. And so, the best way to get security operations and IT operations to be utilizing the same data is to give them the same equipment, right, give them the same technology to be working with so that they have the same system of record.
If that's Microsoft in some organizations, if that's using a SIEM, like a Splunk or Sentinel or something like that in other organizations, or as we would like to see it, utilizing Tanium because Tanium can give you that visibility and both teams can then work from that data because the software, there's vulnerabilities found in software and the security team then raises their hand and says, hey, I need these things patched. IT operations, on the other hand, says, I see that in the system and I can go ahead and accept that or push that patch.
And so, it's really the best way to kind of tear down those silos is to give them the same platform to be working from. And Tanium's the best at doing that. Yeah.

The last question, how are CVEs automatically prioritized? I think you may have touched on that a little bit during your presentation, but do you want to wrap that up, Bryant? Yeah.
So, especially when you set up your vulnerability management on a platform such as Tanium, you can set up a little bit of your risk profile, some of the things that you're looking for. And then when CVEs are found, they can be automatically prioritized based on what's most important to your organization.
So, you know, you set this up once in a platform and then when those CVEs are identified, then they're going to be prioritized. You're also, you know, a platform can be alerted to, okay, here's one that you've identified that is, you know, that, you know, has a high potential of danger, right?
So, that can go right up to the top and you can be alerted on that one as well. One of the things Tanium has done in one of our recent releases as well is we've also integrated into that prioritization process what's called CISA KEV, or CISA publishes what's called their Known Exploited Vulnerabilities, or the most dangerous of the dangerous.
And so, that's now part of our prioritization process as well for your CVEs. So, if a CVE is identified that matches up with a CISA KEV entry, then it goes right to the top and you get alerted to it. And it also comes in with some of those CISA KEV vulnerabilities, you know, in the U.S., if you're regulated, have a certain time frame in which you need to fix it. And that's also pushed up to the top as well. But it really is based on, you know, what is your risk tolerance, setting up what's important to your organization and what you need to know about.
So, you know, a manufacturer is probably going to have a different profile than a healthcare provider. And they're going to be looking at different things and different things are going to be more important to them. But you can set that up in a platform such as Tanium.
Okay, Bryant and Zac, thank you for your time. We've come to the end of the webinar. And I'd also like to thank the audience for attending.
Again, the video and presentation will be available on the KuppingerCole website. Thank you. Thank you very much. Thank you.