The client is a mining company in Australia. They did not have a standardized vulnerability management program due to which the security risk was high.

Infosys, with a proven capability model and matured execution process, established a unified approach to manage the vulnerabilities from detection to remediation, thereby reducing more than 80% vulnerabilities.

Key Challenges

  • No vulnerability scanning for more than 12 months
  • Huge backlog of vulnerabilities posing high risk of cyber-attacks
  • Lack of security awareness and ITIL processes increased number of vulnerabilities and security risk
  • No standard SLAs for scanning and timely remediation
  • Multiple and diverse remediation teams leading to increase in operations effort
Line

The Solution

Developed risk-based model to remediate vulnerabilities

  • Created risk-based model prioritizing assets and vulnerabilities for remediation
  • Assisted in asset classification which was challenging due to mix of IT and OT assets
  • Created inventory of all devices in the enterprise to help in planning of upgrades and future assessments
  • Coordinated and assisted different owners for effective remediation
  • Defined escalation matrix, SLAs, and RACI and aligned them with rightly identified owners
  • Tracked vulnerabilities using ITSM (ServiceNow) tool and performed reverification scans to validate the applied fixes
Line

Benefits

Faster and effective remediation of vulnerabilities

Reduced overall risk by identifying known security exposures

Reduced overall risk by identifying known security exposures

Resolved more than 80% backlog of vulnerabilities

Resolved more than 80% backlog of vulnerabilities

Standardized vulnerability management program by documenting learnings and gaps post the Tiger Team approach

Standardized vulnerability management program by documenting learnings and gaps post the unified vulnerability reduction approach

Reduced manual efforts from 20 hours to 15 minutes by automating vulnerability reports per ownership

Reduced manual efforts from 20 hours to 15 minutes by automating vulnerability reports per ownership