Organizations large and small struggle with vulnerability management. In the gaming and hospitality space with 24/7/365 environments, it is difficult to take down critical systems that impact guests regularly. Several executives lament that this concept of managing vulnerabilities and patches is somewhat like a game of whack-a-mole. The vulnerabilities are random but, if not addressed, can leave the organization and the customer’s data at risk.
The Challenge
When speaking to executives about vulnerability management programs, the issue and challenges are often underestimated. Vulnerability management is a program that should touch EVERY endpoint in the organization that touches a network and every software application across the enterprise. From HID readers that control locked doors to workstations and file servers, every asset should be visible by tools and managed proactively. However, this approach is much more complicated than it sounds. Hospitality and gaming networks are often segmented into a number of sections, making the identification, inventory, and management of hardware and software difficult to see, manage and remediate. In addition to the complex nature of the networks, a significant number of third-party players manage systems and software on these networks. These third-party products also require an active management strategy. Beyond consistently seeing and identifying assets with tools, there are significant issues surrounding high availability (HA). In order to have a sustainable strategy, customer-facing systems need to be redundant to reduce or eliminate downtimes and outages due to remediation. Often organizations fail to configure systems with HA in mind. In order for security and IT operations teams to remediate systems, customers are visibly impacted by slot floors that go into hand pay, reservation websites that are down for maintenance, or ATMs that list they are out of order. In a 24/7/365 environment, let’s face it, there is never a good time to take systems out of service to remediate vulnerabilities.