VulnDB Drives SITA IT Vulnerability and Risk Management Alignment
Since 2015, SITA has relied on VulnDB to unite their IT Security and Risk Management teams under one ticketing system. By moving away from a slow and disruptive legacy scanning approach, SITA is fueled by powerful and comprehensive vulnerability intelligence.
About the customer
SITA provides IT and telecommunication services to the air transport industry, claiming about 90% of the world’s airline business. With over 400 members and 2,800 customers worldwide, SITA’s mission is to provide their clients with solid, secure products and to provide dependable service to their customers.
Since 2015, SITA has relied on VulnDB from Risk Based Security to unite their IT Security and Risk Management teams under one ticketing system. Once reliant on a slow and disruptive legacy network scanning approach, the multinational information technology organization is now fueled by powerful and comprehensive vulnerability intelligence from VulnDB, helping them accelerate their security program by better automating their risk prioritization and remediation processes.
SITA’s six security teams are the backbone of the organization as they work to keep their internal and external customers safe. One security team handles patch management, while others perform a diverse range of tasks such as penetration testing, vulnerability monitoring, threat intelligence, and incident response. Coordinating activities across these separate groups is essential to maintaining operational efficiency. With VulnDB, SITA is able to unite all six teams with regular, real-time, and specific vulnerability alerts for the products and vendors they care about.
“VulnDB was the right choice for us because it fulfilled all the requirements we needed when it came to vulnerability management and the processes we already had established within our company.”
Necmiye Genc-Nayebi, Senior Manager at Corporate Information Security Office (CISO) at SITA
Empowered by VulnDB, SITA has seen significant improvement to their Threat-Centric Vulnerability Management (TCVM) program by enabling them to automate vital functions such as risk prioritization and remediation. Key VulnDB features such as real-time alerts, report generation and a RESTful API have allowed SITA to interlock the diverse processes of their security teams. In addition, VulnDB supplies each team with the latest vulnerability reports and actionable metadata, including exploit availability, external references, and RBS-generated scores, which facilitates rapid prioritization and mitigation.
Meeting the Need for Strength with Flexibility
Before implementing VulnDB, SITA relied on a well-known scanning platform for its vulnerability intelligence, resulting in a vulnerability management process that was extremely manual and time-consuming and did not give them complete visibility over their risk exposure. Although scanning allowed them to perform standard tasks, SITA wanted a solution that could offer flexibility and that would scale alongside their growth. SITA would need a more powerful solution to match their ambitions.
The decision to use VulnDB was an easy one for Necmiye Genc-Nayebi. Necmiye saw the overlying issue that was affecting her security team: the inflexibility of the scanning approach was causing each department to function within their own silo, leading them to treat each task as a stand-alone process. If they were to operate more efficiently, many of those processes would need to be better integrated.
Necmiye identified two critical improvements. First, she would unite her team under one ticketing system, enabling them to coordinate activities and work with the same data. Second, she would ensure that each team had the most comprehensive data available, to empower them to make actual risk-based decisions. Comparing VulnDB with other competing products, Necmiye recognized that VulnDB’s best-in-class data and powerful features would be of great value to SITA. In her words, choosing VulnDB was “an easy decision”.
“We didn’t need to go through a proof-of-concept or proof-of-value. We just informed upper management what we were planning and how we planned to leverage VulnDB’s unique features to benefit internal/external customers.”
Cohesion and the Path to Automation
VulnDB has over 287,000 vulnerabilities within its database, covering the products of over 31,000 vendors, including IT, OT, IoT, OSS, and other dependencies. VulnDB’s comprehensive, actionable, and timely data ensures that clients like SITA get the latest and most accurate details on the vulnerabilities affecting their assets. Necmiye’s teams are now able to understand the overall vulnerability landscape of their entire organization and, with the rich metadata provided by VulnDB, can focus on those assets which are most vulnerable to being exploited.
“VulnDB’s exploitability details have allowed SITA to prioritize risk remediation more effectively.”
Necmiye Genc-Nayebi, Senior Manager at Corporate Information Security Office (CISO) at SITA
The comprehensive visibility that VulnDB provides, along with powerful integration features, has supported SITA’s automation of their remediation process, bringing recognizable value to internal security and security management teams. VulnDB’s in-depth search features for key vulnerabilities have been especially instrumental in fulfilling SITA’s mission. Better data, the ability to automate, and improved focus enable SITA to operate a truly risk-based vulnerability management process.