PurpleSec’s Cyber Risk Management Platform

The Solution

Why Faster Is Better

According to Infosec Institute, the MTTR a vulnerability is 60 to 150 days. Hackers can exploit vulnerabilities within hours to minutes in some cases and they’re using automation to speed this process up.

PurpleSec uses automation to close that window providing a smaller window for hackers to attack customers.​

What Does Faster Look Like?

A 75% reduction in MTTR for our client. Remediation is now completed within 9-12 days, beating industry averages by 90%!​

This represents a total reduction of 220k to 30K vulnerabilities (86% reduction) over 6 months.​

See it, Fix it: 

3x visibility of vulnerabilities and 2x remediation efforts. In addition to simply removing vulnerabilities, we also now have the ability to scale with the environment and ensure coverage as our clients grow.

What Does Smarter Security Mean?

When implementing a vulnerability management program, businesses need to be able to quantify where cyber risk exists in their organization and tend to the risk hotspots first and with the most resources.

Smarter security means freeing up your experts to do just that by taking away low skill tasks and providing insight with dashboards and vulnerability metrics, enabling data driven discussions.

How This Was Achieved

• Automate low-skills tasks – Scanning, organization, categorization, deployment, scheduling, and notification.
• 50% reduction in process length – The remediation process prior to introducing automation was a manual effort, patching monthly with little focus on Risk. Now, armed with automation, our ‘cyborg’ team re-evaluated customer processes and delivered a RBVM lifecycle that is shorter and requires less interaction. Patching is now completed within days for some systems. Automation has also enhanced manual project management efforts. ​
• Teams can focus on remediation – Scanning, prioritizing, and patching vulnerabilities is automated. Expert resources now focus on configuration management and lifecycle management remediations.

The Results

• Realized significant cost savings – Client saves 1.6k person hours per month resulting in an annual cost savings of $1M.​
• Enablement – Part of the smarter security also means we’ve enabled our teams to focus more on risk management and not just vulnerabilities. Instead of emails, worksheets, and other low skilled tasks mostly focused on vulnerabilities specifically. Now, they’re focused on risk and high skill risk related tasks such as the security exception process. PurpleSec’s team was able to work with the client to create an alert rule through their SIEM to solve an obsolete cipher being used. Enabled PurpleSec’s team to bring additional value to the client.

What Do We Mean By Better Security?

• Security that is focused on business risk – Using a risk based approach for processes means more impactful changes to the attack surface.
• Trackable KPIs – Automation gives our team more in-depth management of the weight of each metric. We can tune the risk metrics based on the customer’s Security Culture and Risk Appetite. ​
• More informed Senior Management – With better metrics and processes we also bring better reporting to the various data consumers. Our team puts together reports that show where focus needs to be directed in the organization to further security goals.