From Vulnerability Discovery to Remediation: How Tenable and HCL BigFix Can Help
Reducing the time required to move from vulnerability assessment to remediation is a never ending challenge for most organizations. Here's how the integration between Tenable and HCL BigFix can help you quickly correlate vulnerabilities and patches to reduce risk.
It's no secret that organizations are faced with an onslaught of vulnerabilities every day. In fact, organizations are struggling to remediate their most critical vulnerabilities. The majority of breach victims (60%) said they were breached due to an unpatched known vulnerability where the patch was not applied. In this blog, we address the challenges faced by organizations as they look to streamline the process of finding and fixing vulnerabilities and explore how the integration between Tenable and HCL BigFix can help.
Traditionally, organizations think of the attack surface as being only limited to employee workstations, servers and desktops. But, over the years and with the emergence of new technologies, the attack surface has expanded to include web applications, cloud assets, operational technology (OT) environments, mobile devices and a massive shift of employees working from home and using their own devices. Yet, most security teams have only a fragmented view of their entire attack surface. This, in turn, means they're only able to provide incomplete guidance, at best, to the IT teams responsible for remediation. Ultimately, this leads to wasted time and resources and limits the organization's ability to effectively reduce its cyber risk.
How organizations are managing and remediating vulnerabilities today with existing tools
To continue the story, we need to understand how security and IT teams are working to reduce cyber risk with their current tools.
In the above diagram, we see how the security team and the IT operations team work together using traditional tools to remediate vulnerabilities. Security professionals assess the network using one or more vulnerability scanning tools and then compile the results from these various sources. When the vulnerabilities are gathered, each vulnerability needs to be assessed to determine which ones pose the greatest risk. How? In most organizations, the process generally relies on Common Vulnerability Scoring System (CVSS) scores, which do not give the full breadth and depth of the potential risk posed to the organization. For example, 56% of the more than 18,000 vulnerabilities disclosed in 2020were classified as having high or critical severity. The sheer volume leaves mounds of work for security pros as they look to identify those which pose the greatest risk to the organization. Then, each of these vulnerabilities has to be manually researched for additional context, a process which can be extremely lengthy and error prone.
Once the security team has consolidated the vulnerability findings into a working excel sheet or other document, it's typically sent to the IT operations team to deploy patches. The list is usually sent to IT via email, through a shared collaboration tool like Slack or, in the more sophisticated organizations, by a basic ticketing system. At best, these manual documents only illustrate the ‘point in time' risk of a particular vulnerability. Most basic ticketing systems only automate the routing of the vulnerabilities and do nothing to solve the prioritization and remediation correlation problems. Making matters worse, in most cases, the IT operations team only receives the data on a weekly, monthly or even quarterly basis.
Tenable + HCL Integration Overview
The integration between Tenable and HCL BigFix enables organizations to see everything, predict what matters and act to address risk. The result? They can utilize the best of both breeds in a single dashboard, accessing Tenable's vulnerability coverage, paired with Predictive Prioritization, to focus on what matters most, combined with BigFix to automatically correlate the right remediation to the right vulnerability.
With this integration, the burden of manually looking up each vulnerability on a static spreadsheet and then trying to match the vulnerabilities and their affected hosts with the most up-to-date patch is radically reduced.
The combined capabilities of Tenable and HCL BigFix can drastically improve an organization's overall security posture by reducing mean time for remediation and patch workflows. Organizations have confidence in knowing they are able to effectively and efficiently prioritize remediation of the vulnerabilities most critical to their business, fast-tracking their ability to reduce risk.
The above screenshot is an example of how security teams can view Tenable vulnerabilities with appropriate fixlets within the BigFix Insights vulnerability remediation dashboard. The data can be displayed as:
- a pie chart showing the top 5 vulnerabilities by devices with a filter for Tenable's Tenable's Vulnerability Priority Rating (VPR) or Asset Criticality Rating (ACR);
- a breakdown of vulnerabilities by Tenable's VPR; and
- a timeline breakdown of when the vulnerability was first detected or published based on CVSS or VPR.
Users can drill down further to get details on the vulnerability, affected devices and BigFix Fixlet.
The screenshot above provides a view of results filtered by Tenable VPR score, which security and IT teams can use to determine which vulnerabilities pose the highest risk. This dashboard example also shows the appropriate BigFix Fixlet Title and ID to push those patches. This information is up to date on a daily basis and always shows the most recent patch to apply, eliminating the need for spending time manually matching.
Learn more about Tenable and HCL Big Fix
- In this ESG publication, Dave Gruber, senior analyst at ESG, takes a closer look at the vulnerability management and remediation challenges organizations face and dives into how security teams can dramatically save time and reduce manual efforts with BigFix Insights Vulnerability Remediation. For more detailed information on this integration, check out our demo overview video and our solution overview or contact us to get started.
- HCL is a strategic partner within Tenable's Technology Ecosystem, which contains over 90 partners and 180+ unique integrations. The breadth and depth of Tenable's ecosystem helps joint customers improve their security programs by combining Tenable's market-leading risk-based vulnerability management solutions with other security applications in their environment. This "better together" approach, by combining the best of both breeds with Tenable and HCL, helps serve and strengthen security programs of all sizes around the world.
Cybersecurity News You Can Use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.