Our client is a world-class smart Airport in Australia. It is built to service 10 million passengers per year and is committed to delivering seamless travel experiences for everyone who visits through smart design, technology and 24-hour service. The Airport services domestic, international and freight flights 24 hours a day with airport facilities designed for both low cost and full-service carriers.
Opportunity
The major challenges in Airport cyber security lie in protecting critical infrastructure, preventing insider threats, and staying ahead of evolving cyber threats. It is crucial for Airports to develop robust cyber security strategies, educate employees on best practices, and continuously re-assess and enhance technical practices to mitigate risks and ensure the safety of not only intellectual property and financial resources, but also human lives.
Following an Essential Eight assessment delivered by NRI, our clients next objective was to implement an ongoing Threat and Vulnerability Management program (TVM) to manage and address new threats and vulnerabilities.
The objectives of the program were to:
- Enhance its foundational cyber security capabilities to reduce risk and meet its compliance obligations.
- Support vulnerability scanning and remediation activities.
- Reduce the Mean Time to Detect (MTTD) threats and vulnerabilities, and to prevent the exploitation of vulnerabilities that may exist within the environment.
Solution
Vulnerability Management describes the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated. This evaluation is intended to lead to corrective actions and decisions around whether to remove or accept risk. This means recognising threats, understanding the potential vectors, and combining vulnerability information to address key risks.
A methodical process allows an organisation to obtain a continuous view of vulnerabilities in their IT environment and the risks associated with them, while facilitating better decision-making to reduce their exposure.
For our client, we focused on two specific areas: The initial setup and implementation of a TVM program, and ongoing management including vulnerability scanning and reporting.
To do this, we applied our trusted and proven framework which combines elements of the Australian Government’s Informational Security Manual (ISM), and other internationally recognised frameworks based on the National Institute of Standards and Technology (NIST).
Our engagement involved a number of focused activities split into five phases:
Prepare
In this first phase, we confirmed the scope and suggested approach for the project. Part of this step included seeking agreement on the appropriate governance cycle and engagement. We also validated the business mission, objectives and the alignment to high-level organisational priorities.
Discover and Design
In the second phase, we reviewed existing inventories of our clients IT resources to determine which hardware equipment, operating systems, and software applications were being used, and gathered details about the systems basic configuration and compliance requirements with policies, processes and standards to establish a system baseline.
Along with establishing clear roles and responsibilities for ongoing TVM monitoring requirements, we also:
- Developed TVM policies: This included developing an operating framework, policies and processes, vulnerability and remediation registers, and a model for remediation management.
- Collected business requirements: To identify any specific functional and non-functional requirements related to the vulnerability scanning software, including features and integrations.
- Prepared for a trial deployment of Tenable.io: This included preparing a deployment plan, analysis workflow, scanning strategy, and licensing and subscription arrangements.
Tenable.io is a component of the Tenable Cyber Exposure Platform that provides actionable insight into an organisations entire infrastructure’s security risks. This allows them to identify, investigate, and prioritise vulnerabilities and misconfigurations in the modern IT environment quickly and accurately.
Tenable.io brings clarity to organisation’s security and compliance posture. Built on the Nessus vulnerability assessment technology, Tenable.io delivers an asset-based approach that accurately tracks IT resources, while accommodating dynamic assets like cloud and containers. Tenable.io effectively prioritises vulnerabilities while seamlessly integrating into the environment with other tooling.
Build, Test and Deploy
During this phase, we deployed a trial version of Tenable.io which gave our team the opportunity to identify assets on the network and determine right-sizing, licencing and compatibility requirements. During the trial, the information collected about our client’s environment was used to configure dashboards and processes, and using a sample set of endpoints we also monitored for any business disruption.
Assess and Prioritise
Following deployment, we performed the vulnerability scanning service using an approach based on the ‘Identify – Evaluate – Treat – Report’ methodology, adopted from the ISM and NIST.
Once we identified vulnerabilities, we evaluated the risks in accordance with our client’s risk management strategy. Tenable.io provides different risk ratings and scores for different vulnerabilities based on the Common Vulnerability Scoring System (CVSS) and a Common Vulnerabilities and Exposures (CVE) database. These scores provided an indication of vulnerabilities to focus on and gave us the insights to propose treatment options based on our client’s profile.
Report and Transition to BAU
In the final phase, we developed a report and communicated the findings with our set of recommendations. The report included the findings in the vulnerability assessment, a risk assessment with qualitative and quantitative results, and a set of recommendations and prioritised actions to reduce our client’s organisational risk.
Outcomes
With the delivery of our Threat and Vulnerability Management program, our client now has a more complete view of its vulnerability status across its environment and makes use of the implemented tools and reporting to prioritise security patching regimes while reducing the material risk of a successful cyber incident occurring.
The adoption of Tenable.io has enabled the following business benefits:
- Unified visibility of attack surface, leveraging security and vulnerability data that is automatically gathered and analysed.
- Continuous tracking of assets such as mobile devices, virtual machines, containers, and cloud instances, to assess known and unknown vulnerabilities from data.
- Proactive identification and prioritisation of vulnerabilities with targeted alerts when new threats appear.
- Faster incident response times with access to immediate insights from intuitive dashboard visualisations.
- Customised reports to inform security teams about critical issues.