As an MSSP, being proactive in your approach to cybersecurity is a best practice. Ensuring that your customers are doing their part to update and patch their systems is critical. If you can integrate your asset management with your SOC/XDR platform there are huge gains to be realized.
Scanning all your customer environments is the first step. This can be done with many different vendors, but one that our partners like to leverage is CYRISMA. Partners primarily scan for compliance requirements, but it should be done regularly for all clients. Once that information is collected there are several key steps to take:
- Review the scan to ensure all relevant assets have been included – this is a key step if customers forget to let you know when they add additional systems.
- Review the posture of the systems for devices that require updates.
- Develop a list of required updates and set a timeline.
- Build a closed-loop process to ensure the assets are maintained – notify administrators and users and audit regularly to make sure any needed steps are taken.
- If protected data is detected, add data classification tags by asset.
Most partners scan monthly, and some partners scan daily for continuous compliance. The approach will vary based on the maturity of your customers. The goal is to get your customers to the desired risk posture.
Once this is achieved, it is time to ingest this information into your SOC/XDR platform. Armed with this critical information, the XDR platform will be able to increase or decrease the severity of an alert automatically. If the asset is vulnerable to the threat, the XDR platform should increase the risk score based on this knowledge. If it is not vulnerable, it should decrease it.
With this integration, CYRISMA brings a rich suite of asset management capabilities to the Stellar Cyber Open XDR platform. It:
- Integrates vulnerability management
- Incorporates data classification tags by asset
- Enables asset secure configurations
- Adds additional risk data points through CYRISMA’s grading system.
Stellar Cyber has several enriched ML-based detections that dynamically leverage the asset information from CYRISMA. Our partners report a significant reduction in false positives for properly patched systems. They also have the information they need to act quickly when an unpatched asset is under attack.
If you would like to learn more, please reach out to me at [email protected].