Optimize Operations
Vulnerability Prioritization
Combine vulnerability context with business impact context for true risk-based prioritization
Example: Customer was prioritizing based on CVSS score and was overwhelmed with “critical” vulnerabilities that the IT teams were not patching. With KeyCaliber’s business impact scores, the vulnerability management team’s prioritization switched to focus on the critical assets. The IT team began patching adequately because their workload was manageable and the vulnerability management team could justify the business need for the patching.
Alert Prioritization
Enrich alerts with asset context to inform priorities
Example: Customer was struggling with situations where they were focused on alerts that detection products called “critical” while “medium” alerts on essential servers went unnoticed and escalated into incidents. With KeyCaliber’s asset enrichment, the security operations (SOC) team began including asset criticality in their prioritization process and using all of KeyCaliber’s alert data to add context to alerts, so they were able to address detections related to essential assets before they resulted in full-blown incidents.
Optimize Visibility
Asset Management
Discover and inventory all assets (on-premises, cloud, IT, OT, and shadow IT)
Example: Customer had been tracking its asset inventory in a spreadsheet using data from its EDR and vulnerability scanner to meet its NYDFS compliance requirements (23 NYCRR 500), and auditors determined their process was insufficient. With KeyCaliber’s asset management, they properly complied with NYDFS requirements and discovered hundreds of endpoints that had been missed by their security products, some of which had serious vulnerabilities because they were unknown and therefore not being patched.
Attack Surface Management
Visualize the internal attack surface and attack pathways to Crown Jewels
Example: Customer had little understanding of its attack surface beyond what was Internet-facing, so when an internal workstation was compromised, they did not know the extent of the blast radius. With KeyCaliber’s asset inventory, they immediately had connection graphs for each asset and could readily see where compromised workstations could lead an attacker to their Crown Jewels (critical assets).
CMDB Reconciliation
Maintain an accurate CMDB with asset and business application data
Example: Customer’s configuration management database (CMDB) was incomplete and inaccurate, so none of their teams could rely on it. With KeyCaliber’s asset inventory, they saw all of the assets that were missing from their CMDB and were able to automatically update their CMDB, starting with the Crown Jewels that had not been included. Then they automatically added the relationship data for the business applications based on KeyCaliber’s ability to group assets into business applications.
Optimize Budget
Tool Deployment
Make the most out of the products you’ve purchased
Example: Customer was only blocking malicious traffic to half their assets. With KeyCaliber’s coverage gap analysis, they saw where they could expand their deployment to improve their coverage. As a result, their phishing incidents went down significantly.
Tool Overlap
Reduce redundant products for savings on tech and logging
Example: Customer had two EDR products running on many of the same workstations. With KeyCaliber’s asset analytics, they identified the overlap. They removed one EDR and saved the cost of the product, reduced their logging expenditures, and had fewer duplicate alerts.