Analytics Organization Develops Vulnerability Management Program for PCI Compliance
In this case study
A management program enables the organization to act fast in reducing vulnerabilities and improves overall security posture.
A data analytics organization was in jeopardy of failing an upcoming PCI audit due to inadequate resources needed to operate their vulnerability management program. With no time, people or resources, the organization's vulnerabilities were left exposed and only being patched in an ad-hoc fashion.
In order to turn their vulnerability management program around and ensure a successful audit, the organization sought help from WWT to provide the needed resources and expertise.
As a first step, our cybersecurity team reviewed the customer's prior PCI audit findings. We discovered that we could implement a repeatable and scalable vulnerability management process that would directly fix current issues and improve the organization's overall security posture.
WWT developed a formal vulnerability management program guide for the customer that aligned with existing policies and control procedures and followed industry standards and regulations. Additionally, we integrated Qualys, a cloud-based product suite, into the customer's architecture to automate vulnerability scans and system protection.
While performing the first round of scans, more than 4,000 critical vulnerabilities were identified. To be PCI compliant, the organization needed to remediate all vulnerabilities in 30 days.
With the customer still experiencing a shortage in resources, WWT trained their operations team on how to manage the vulnerability program. We also supplied strategic staffing resources to hold daily and weekly briefings with customer leadership to review detected vulnerabilities and monitor the remediation process to ensure it was completed before the audit.
By using our proven security delivery methodology, WWT evaluated the level of risk and exposure within the organization and helped design and implement a successful vulnerability management process. We then supplied the resources and process needed to help the customer reduce vulnerabilities in a very short timeframe in order to pass an upcoming PCI compliance audit.
While the implementation of the vulnerability management guide was a success, it only encompassed two of the many products owned by the organization. The customer is now consulting with WWT to continue the rollout of its vulnerability management guide to other priority products within the organization to further strengthen their security posture.