Third party audits are also an integral part of the process as they are used to validate compliance with the defined requirements. Most audits evaluate mitigation practices for vulnerabilities CVSS ranked as Critical and High but generally exclude those classified as Medium and Low. The challenge with this approach is that cyber risk is associated with all levels of vulnerabilities and with limited resources, most organizations struggle with understanding which vulnerabilities they should fix.
Jim McLarty, VP of Cyber and Information Security, at Independent Bank was concerned about the risk associated with all vulnerabilities…not just those being audited. He wanted a solution to prioritize mitigation activities based on real-world risk.
Through ongoing security audits and penetration testing exercises with Plante Moran, Jim understood the impact even minor security gaps could have on Independent Bank. As he searched for a risk-based vulnerability management solution, TARA was an obvious choice as it could ingest existing scan data and deliver a risk context.
To meet the needs of Independent Bank, TARA leverages threat intelligence from the dark web and applies machine learning to predict the potential impact each vulnerability will have on the environment. Findings are ranked on a scale of 0-1000 and any vulnerability scoring 650 or above is prioritized for immediate remediation. TARA provides risk insights that do not exist with traditional scanning solutions.
It’s no secret that evolving cyber risk puts any business in jeopardy. Independent Bank addressed their concerns and solved several challenges with the TARA deployment:
