Security Solutions
4 mins
How quickly are vulnerabilities remediated once they have been found, validated, and prioritized? Research by the Ponemon Institute found that 62% of security teams can’t even track whether vulnerabilities are being patched promptly. It is no surprise then that Jeremy D’Hoinne called out mobilization as a critical step in threat exposure management programs.
Hadrian’s latest innovation, Secure Share, simplifies the mobilization process enabling faster remediation with less effort. The new feature provides a seamless workflow for security teams to share all of the risk details with the relevant development team for remediation and track resolution progress.
Initiating remediation with Secure Share
In many cases remediation is not carried out by the security team, instead it is performed by technology, IT and other departments. Seamless collaboration between teams requires great communication, which is where Secure Share comes in. Secure Share provides non-security teams with all of the information they need to understand, prioritize, and action remediation activities.
The security team can track the progress of development team’s remediation efforts within their portal. Secure Share makes it easy to see whether SLAs for response and resolution are being met. Once the development teams mark the risk as resolved Hadrian automatically conducts regression testing to verify that whether it was successful.
What is Secure Share?
At a high level, Secure Share enables non-Hadrian users to access specific risk detail pages. The feature provides teams with the information they need, eliminating the need for back-and-forth communication, and speeding up remediation.
A reference workflow for the Secure Share process can be seen in Figure 1. When a risk is found security teams can assign it to anyone, including external parties, for remediation. The assignee will receive access to the Hadrian platform for that one risk, providing them with all of the information they need to immediately begin resolution.
Figure 1. High-level Secure Share workflow
How Secure Share works
Using Secure Share takes just a few seconds. Users simply need to select the 'Secure Share' option located at the top of the risk's page an input the email address of the intended recipient. The recipient will subsequently receive an email containing a unique link. This link grants them exclusive access to view and address the specified risk, including the ability to mark it as resolved.
Figure 2. Screen capture of a risk being shared with Secure Share
The access to the risk can be modified at any time. Simply revisit the 'Secure Share' section and utilize the provided interface to either revoke access - by selecting the 'X' button - or resend the link.
As the recipient works through the remediation steps Hadrian keeps you informed. The interface displays whenever the recipient accesses the link and when it has been marked as resolved. For security reasons, the shared link remains active for a duration of 24 hours. Should the link be accessed after this period, a new link will automatically be issued and sent to the same email address, ensuring continuous, yet secure, collaboration.
Successful mobilization
In addition to collaboration, there are two essential components to successful mobilization. Verifying that a threat exploitable and not a false-positive ensures that teams are focused on the risks that matter most. Assigning the remediation activities to the correct team quickly prevents unnecessary time wastage. Hadrian’s autonomous validation and Asset Tagging features make these workflows simple and straightforward.
Autonomous validation
When security teams receive an alert they are provided all the information they need to assign it for remediation. All threats found in Hadrian’s Verified Risks have been autonomously validated, teams can double-check this themselves using the steps in the Reproduction Steps section, shown in Figure 3. Hadrian’s proprietary severity scoring automatically assigns a level using a combination of metrics including our built-in threat intelligence.
Figure 3. Hadrian’s risk detail including the Severity and Reproduction Steps
Asset Tagging
Using Hadrian, it's easy to allocate specific risks to an individual or team. Our Asset Tagging feature lets you add detailed information about the asset's owner. By tagging assets with the owner's information beforehand, you streamline the process of assigning remediation tasks, saving valuable time.
Experience faster remediation today
The Secure Share feature is now available for all customers and trial organizations to explore. To find out more about Hadrian’s cybersecurity platform and improve collaboration between development and security teams get in touch with one of our experts.
