Workbooks and Playbooks Identify High-Risk Vulnerabilities, Guide Remediation
Today we are announcing enhancements to our cloud-based Vantage platform that give operational technology security teams actionable intelligence to help them respond to high-priority vulnerabilities and coordinate remediation steps for identified threats.
Since its launch earlier this year as the industry’s first Software-as-a-Service (SaaS) security offering for OT and IoT networks, Vantage has helped Nozomi Networks customers reduce their costs of deployment and management, while offering a more scalable, centralized platform in the cloud.
Vantage unifies security processes into phases such as identification, assessment, detection, and action/remediation. The enhancements are designed to support admin efforts to assess vulnerabilities and, when threats are detected, establish a playbook that will guide and coordinate remediation efforts across teams.
Vantage Workbooks Focus on High-Priority Operational Technology Security Tasks
The vulnerability assessment rankings in the Vantage dashboard show which actions can reduce the most risk across the greatest number of devices. Vulnerability assessment information is aggregated from our database of Common Vulnerabilities and Exposures (CVE) and correlated with customers’ asset inventories into a workbook of prioritized items to address.
From the dashboard, security admins can quickly research the details behind the risk assessment, such as the CVE reports and specifications, to further verify the applicability of each potential risk.
The vulnerability workbook dashboard is a powerful visual report that can be shared with management to justify remediation efforts, or to provide a top-level status of the organization’s exposure to various known threats and the cost trade-offs that need to be made.
New Vantage Playbooks Assist OT Security Threat Remediation Efforts
Incident response playbooks are an integral component of a cybersecurity strategy. Playbooks typically consist of a series of procedures that are triggered by one or more security alerts or incidents. Such playbooks can help security teams close incidents faster, while ensuring that regulatory and compliance requirements are met. Now, playbooks are a key piece of the Vantage platform’s threat detection and response capabilities.
In addition to customizing alerts for specific threats and vulnerabilities, security professionals now have the option to create custom playbooks designed to offer expert response plans for each alert.
Vantage playbooks guide remediation steps for specific threats to help coordinate and accelerate operational response. Playbooks can be customized to specify workflows for each alert. This allows them to address individual customer environments and workflows, such as specifying named contacts to notify, or how various systems need to be managed.
The playbook editor allows admin teams to customize procedures and details as needed, and attach the edited playbook to specific scenarios. Rules can specify when individual playbooks are triggered or assigned, based on various network and security attributes such as an IP address range of affected assets, ports involved, or protocol used.
Vantage is a Seamless Extension to Customer Deployments
For long-time Nozomi Networks Guardian customers, top-of-mind questions included: when is the right time to migrate to Vantage, and what’s involved in the transition?
The good news is that Vantage isn’t a replacement platform for Guardian, but rather a seamless extension to an existing Guardian deployment that brings the management and analysis into a SaaS platform.
Customers were happy to know that Vantage can be deployed to support multiple sites and locations while maintaining their existing network(s) of Guardian appliances and Central Management Consoles (CMC). Vantage can also connect to either Guardian or CMC appliances, depending on whether a site or region wants to maintain its own local management instance and network view.
With Vantage, customers can get a global view of their organization’s security posture and vulnerabilities that can be tied into the SOC, while supporting much more scalability and an overall lower cost of ownership. And with virtually all the same features and intuitive UI that customers are used to with Guardian, it may be harder to justify a completely on-prem platform.
For more information on the enhancements, we invite you to read the press release, or schedule a personalized demo.