Continuing our series on security: managing security vulnerabilities is a prerequisite to protecting your products and services from breaches. At Genexis, security is our highest priority. Per Hellsten, Product Manager at Genexis, describes our processes and guardrails to detect and effectively handle incidents.
Genexis’ overarching Information Security Management System (ISMS) covers both IT and product security policy. By including products in the ISMS scope, we are prepared for EU legislation such as Network and Information Security Directive 2 (NIS2) and the Cyber Resilience Act. The ISMS also follows ISO 27001 standards and customer requirements. Overall, cybersecurity breaches have been increasing in our society and on a global level as technology and tactics advance. At Genexis, we proactively protect against, detect and respond to security issues, and we support and advise our customers in responding to incidents.
Early detection of new vulnerabilities in products and IT systems is crucial. Genexis has set up a cross-functional security team to monitor and resolve issues. The security team includes representatives from all R&D teams, IT, product security officers, technical sales and support functions, and the Genexis Chief Information Security Officer. This team collects vulnerability information from many sources, ranging from monitoring country reports from international Computer Security Incident Response Teams, such as the US Cyber Defense Agency, to a coordinated vulnerability disclosure page, customer support, Genexis employees, security providers, and open-source projects.
Accessing as many systems and sources as possible provides reliability and cross-checks of information. The next step is to analyze, identify, and assess the risks to determine the severity level. This helps determine urgency, prioritize response efforts, and allocate resources effectively. The appropriate action, which may involve releasing a patch for the vulnerability, is then assigned in the Genexis ticketing system if needed.
Responding to incidents
Vulnerability management becomes a full incident response if there is an acute threat or an actual breach. We immediately respond by:
- Containing the incident: to limit the impact, for example by isolating compromised devices, segmenting part of the impacted network, or changing passwords.
- Notifying stakeholders: to communicate effectively and coordinate measures to address the incident.
- Analyzing the root cause: to identify the underlying cause, develop a solution, implement preventative measures, and update security protocols. Root cause analysis is part of the next step, eradication.
- Eradication and recovery: to eliminate the threat, recover and restore affected devices or systems, and take structural measures to prevent reoccurrence. This involves removing malicious code, closing vulnerabilities, and implementing security patches.
- Continuous improvement: by documenting and conducting a thorough review of the response process. We learn what worked well and can identify areas that need improvement. This information is valuable for refining our incident response plans and training our teams.
- Regularly updating security tools and practicing procedures: simulating incidents and practicing response procedures ensures readiness. Having the latest security tools and training employees helps improve coordination, decision-making, and response times during an actual incident.
- Supporting customers with security advisory reports, including risk assessment, risk mitigation (security scripts/patches), and recommended actions.
Genexis is committed to supporting our customers’ risk management and incident response processes. By aligning practices and sharing insights, we are better positioned to prepare for, respond to, and mitigate the impact of security breaches and deal with major vulnerabilities.
Author: Per Hellsten