The Bottom Line
Allocate More IT Resources To Value-Added Tasks
A common theme we’ve noticed during our regular touchpoints with clients is that they’re being overwhelmed by vulnerability remediation. Security departments are continually requesting remediation of newly identified vulnerabilities. These tasks, alongside day-to-day operations, take a significant amount of time to research, test, and deploy. Our newest service offering, Vulnerability Remediation as a Service, can help complete those on-going tasks.
To further assist in VR, we’re working with our clients that want a view of their vulnerability landscape using our Power BI Dashboard. This custom dashboard gives a quick and simple way to assess your organizational risk for remediation prioritization, create an order of priority, and identify the remediated devices.
At Model Technology Solutions, we think that IT automation is a powerful tool for improving security, efficiency, and reallocating resources. We’d love to help you tackle your vulnerabilities and free your team for other tasks you’d like to focus on in addition to keeping things secure.
The Bottom Line
Typical Vulnerabilities We Help Remediate
- OS Patches not applied
- Devices that need restarted Outdated drivers
- Out of compliance systems
- Out of configuration systems
- General system security recommendations
- Stale devices in your directory
- Devices that haven’t checked in for a period
- OS upgrades
- Unwanted rogue software
Vulnerability Remediation Process
You provide a vulnerability report and/or identify specific vulnerabilities we want or need to address. If you do not have specific priority vulnerabilities to address, we will make prioritization recommendations based on our review of your vulnerability report.
We develop remediation plans for prioritized vulnerabilities, including (but not limited to):
- Identification of strategy and changes necessary to remediate vulnerability.
- Identification of technical configuration to implement within your environment to remediate vulnerability, leveraging existing tools and resources where available or providing recommendations on additional tools if and when necessary.
We execute your change management processes to obtain approval to implement the necessary changes.
We implement the remediation plan as approved, working you and your staff as appropriate, including (but not limited to) the following:
- Update of technical configuration as needed and as possible using your available tools, including (but not limited to):
- Development of custom scripts, as needed
- Creation or update of policies to control endpoint configuration, as needed
- Group Policy
- Intune Policy
- MECM client settings
- Packaging and deployment of applications and application updates, as needed
- Intune app packaging & deployment
- MECM app packaging & deployment
- Deployment of operating system updates and upgrades, as needed
- Update of endpoint and application configuration, as needed
- Testing & validation of technical configuration changes within controlled scenarios
- Manage the piloting of technical configuration changes with designated pilot devices and users
- Manage and present further reviews of the changes as required by your change management processes
- Manage the production rollout of technical configuration changes
- Assist your staff with the creation of required end-user communication as part of the change management processes
- You will bear final responsibility for distribution of communication to necessary recipients
- Remediate issues with technical configuration change implementation through minimum 95% compliance with active and applicable users and endpoint changes.
We meet with you quarterly to review service status, discuss the previous quarter’s successes, plan the upcoming quarter’s priorities, and provide recommendations for improvement.
What Our Clients Have To Say
“The Vulnerability Remediation service has been helpful to us, especially when we lost our VP Global Cybersecurity Lead. Even now that we’ve newly hired, we continue to work with Model on specific VR tasks.”
CIO | Global Venture Private Equity Firm