Vulnerability Management

How to successfully monitor your attack surfaces

In an extreme case, vulnerability management could save your business.

Massive breaches have reminded many companies of the huge risk IT vulnerabilities pose and have prompted them to take firm, proactive action to manage them. But complex, cloud-based infrastructures present such a huge attack surface that it’s hard to keep track of all the bugs. This is good news for cybercriminals, who have learned how to exploit these weaknesses.

There’s also regulatory pressure to manage IT vulnerabilities: for example, regulators require organisations providing IT services in the finance sector to have a risk-based vulnerability management programme in place.

With or without regulation, your organisation has a vested interest in managing its IT vulnerabilities.


How we have helped clients in the three key areas of vulnerability management

IT governance

We set up IT governance and risk management to help the client identify vulnerabilities relevant for the organisation and thus make best use of the available resources.

Process integration

This isn’t a stand-alone process. We have helped clients align their vulnerability management to the relevant IT, security, business and regulatory context.

Tooling & tool integration

We eliminated the great manual effort involved in managing vulnerabilities by making sure the client had an integrated tool landscape.


Benefits of strong vulnerability management

Holistic view of vulnerabilities 

You have an established and enforced set of processes for managing vulnerabilities, from identification to remediation.

Attack surface managed 

Transparency on open vulnerabilities across the technology stack facilitates a timely reaction and remediation and gives you a full view of your current compliance status.

Defined IT governance

Roles, accountabilities and responsibilities across the IT and security teams involved are clear, with defined governance structures and frameworks.

Evidence-based compliance

You have a clear framework and controls for assuring regulatory compliance and standard and ad hoc reports to demonstrate it.

Integrated tooling and interfaces 

A simple solution design harnesses orchestration and correlation tools, providing automation and giving vulnerability scanning tools greater independence.

Our approach to vulnerability management

Regardless of which phase your organisation is currently in, we help you to adjust to the changing regulatory environment and secure your IT assets continuously. 


1. Assess

Reviewing your current status by performing a gap analysis

  • We recommend analysing the gaps between your current set-up and FINMA’s new cyber-risk management requirements and guidelines. This will show what initiatives you have to implement to be compliant, as well as benchmarking your organisation’s maturity.
  • We suggest making a detailed roadmap including priorities for projects and deadlines. To achieve buy-in, it’s advisable to submit this roadmap to the executive and board of directors for approval.

2. Transform

Enabling you to track and address the vulnerabilities

A huge part of vulnerability management is remedying the identified vulnerabilities and enhancing the specific solution.

We close the identified gaps and help you comply with the regulatory and security requirements. This includes conceptualising the technical scanning architecture as well as developing and establishing the organisational and procedural requirements for vulnerability scanning.


3. Run

Taking charge of the process to free you up to concentrate on core business

We provide vulnerability management as a service. This involves operating the scanning solution for you (ensuring the availability and functionality of the scanning solution). We carry out regular vulnerability scans, taking operational responsibility for implementing the vulnerability management process.

Contact us

Fabian Faistauer

Cyber Compliance Monitoring, Director, PwC Switzerland

Tel: +41 58 792 13 33

Lorenz Neher

Head Security Architecture and Operation, PwC Switzerland

Tel: +41 58 792 47 85