Cygilant launches new subscription service that unifies vulnerability and patch management

    Feb. 13, 2018
    New Security as a Service, SOCVue VPM, automates the identification, prioritization, and patching of vulnerabilities to reduce attack surface
    Related To:
    Cygilant 5a83526dcf83f

    Boston, Mass., February 13, 2018 - Cygilant, a pioneer in hybrid Security as a Service, today launched SOCVue Vulnerability and Patch Management (VPM),  a new subscription service that unifies vulnerability and patch management into a single offering. SOCVue VPM automates the process of detection, prioritization, and patching of vulnerabilities with an auditable change management workflow to continually reduce the attack surface and improve protection against cyber attacks in a cost-effective manner.    

    A new report from the Online Trust Alliance (OTA) recommends regular patching and paying close attention to vulnerability reports as a best practice, while neglecting both is a known cause of breaches, noting that both should receive special attention in light of the Equifax breach. The report found that 93 percent of breaches that occurred in 2017 were avoidable, with 52 percent attributed to hacking. Likewise, WannaCry and Petya malware also spread quickly due to inadequately patched systems. Verizon’s 2017 DBIR analysis showed that only 61 percent of organizations finish the patching process and patches not installed after 12 weeks tend to go unpatched for good.

    SOCVue VPM not only answers the critical question of “am I vulnerable” but also provides an elegant mechanism to fix vulnerabilities and reduce or prevent being compromised.  SOCVue VPM eliminates information silos, improves collaboration among cross-functional teams and increases accountability while reducing inefficiencies that impact most organizations today.  IT and security teams can leverage SOCVue VPM to scan their IT environment to identify vulnerabilities across operating systems, network devices, and applications, and prioritize vulnerabilities based on business risk and deploy available patches to plug vulnerabilities -- all from a single pane of glass. The built-in auditable change management process keeps a record of “who-what-when-where” of all deployed patches.

    Over the years security-conscious and compliance-mandated organizations made significant investments in leading vulnerability technologies such as Qualys, Rapid7, and Tenable. While these technologies do an excellent job of detecting large numbers of vulnerabilities, IT teams struggle with prioritizing vulnerabilities and are forced to use a separate patch management tool to patch these vulnerabilities. The traditional processes of managing disparate vulnerability and patch management solutions are time-consuming, prone to error, and costly. As a result, it is not uncommon for IT teams to miss patching critical vulnerabilities, as was the case in the 2017 Equifax breach.  Cybercriminals rely on these broken processes to exploit system vulnerabilities, unpatched systems and applications. Cygilant’s SOCVue VPM service streamlines the entire process with:

    -       Continuous scanning of IT infrastructure to identify vulnerabilities with support for Qualys, Rapid7, and Tenable vulnerability management technologies

    -       Analysis and prioritization of vulnerabilities based on business risk, exploitability, and patch availability by Cygilant’s SOC team

    -       A single pane of glass that provides prioritized vulnerabilities and available patches with the ability to deploy patches

    -       Built-in auditable change management workflow to review, approve, schedule, deploy and validate patches to fix vulnerabilities

    -       Re-scanning to confirm vulnerabilities are fixed  

    -       24x7 availability of Cygilant’s global SOC security analysts to assist customers with detection, prioritization, and deployment of appropriate patches including Windows, Linux, Mac, and third-party applications such as Adobe and Java.

    -       Detailed reporting on a daily/weekly/monthly basis to meet regulatory compliance mandates such as FFIEC, PCI-DSS, HIPAA, NIST, and more.

    “SOCVue VPM is a disruptive vulnerability and patch management solution that saves customers significant resources and time while increasing their security posture,” said Vijay Basani, Chairman and CEO, Cygilant. “With our global SOC security analysts working as an extension of customers’ IT teams, we become a force multiplier in continuous detection, prioritization, and patching of vulnerabilities to reduce the attack surface and mitigate risks to protect IP, customer data, and financial assets.”

    About SOCVue

    Cygilant’s SOCVue® is a subscription security as a service that combines people, process, and technology to deliver a cost-effective information security program, including:

    ·      Managed Incident Detection and Response

    ·      Managed and Co-managed SIEM & Log Management

    ·      Managed and Co-managed Vulnerability Management

    ·      Managed Patch Management

    ·      24x7x365 Monitoring by Trained Global SOC Security Analysts

    ·      Compliance Reporting

    ·      Auditable Change Management

    About Cygilant, Inc.

    Cygilant, a pioneer in hybrid security as a service, is transforming how organizations of all sizes build an enterprise-class security program. Acting as a multiplier to customers’ IT teams, Cygilant provides 24x7x365 security and compliance visibility, managed incident detection, response and remediation guidance backed by best-of-breed technology, industry best practices and global SOC analysts. Cygilant is a trusted advisor to organizations that need to protect customer data, PII and PHI data, and Intellectual property against cyber threats and vulnerabilities. For more information, visit: https://www.cygilant.com