Case Study

Analytics Organization Develops Vulnerability Management Program for PCI Compliance

Management program enables organization to act fast in reducing vulnerabilities and improve security posture

Challenge

A data analytics organization was facing an upcoming PCI audit and in jeopardy of failing due to inadequate resources to operate their vulnerabilities management program. With no time, people or resources, the organization’s vulnerabilities were left exposed and only being patched in an ad-hoc fashion.

In order to turn their vulnerability management program around and ensure a successful audit, the organization sought help from WWT to provide resources and expertise to the situation.

Solution

WWT’s cybersecurity team engaged the organization to address prior PCI audit findings. In reviewing these findings, WWT could adequately implement a repeatable and scalable vulnerability management process that would fix current issues and improve the organization’s security posture company wide.

WWT created a formal vulnerability management program guide that aligned with the organization’s policies and control procedures, while also following industry standards and regulations. Additionally, WWT integrated Qualys, a cloud-based product suite, into the organization’s architecture to provide automated vulnerability scans and system protection.

While performing the first round of scans, more than 4,000 critical vulnerabilities were identified. To be PCI compliant, the organization needed to remediate all vulnerabilities in 30 days.

With the organization still experiencing a shortage in resources, WWT trained the operations team on how to manage the vulnerability program and supplied staffing resources to hold daily and weekly briefings with the organization’s leadership to review detected vulnerabilities and monitor the remediation process to ensure it was completed within a month.

Conclusion

By using our proven delivery methodology, WWT adequately evaluated the current level of risk and exposure within the organization and implemented a successful vulnerability management process. The organization was able to act fast in reducing vulnerabilities and improve their overall security posture.

While the implementation of the vulnerability guide was a success, it only encompassed two of the many products owned by the organization. The organization is now consulting with WWT to continue the rollout of the vulnerability management guide to other priority products within the organization.