
Fix Security Issues 3x Faster with Mondoo Ticketing Integrations

You invest in a security platform to protect your organization. Your goal? Reduce your exposure to attack. But so many security platforms only alert you to problems; they don't help you fix them. Mondoo not only finds the misconfigurations and vulnerabilities in your infrastructure but also enables you to fix them faster. The magic is in Mondoo's ticketing integrations, which allow Mondoo users to create and track tickets in IT service management (ITSM) systems like Jira, Zendesk, GitHub Issues, GitLab, Azure DevOps, and more.

Most security platforms can find vulnerabilities in your infrastructure. While identifying problems is a critical step in improving your security posture, it's only the first step of many. If your security platform only gets you to that first step, then either (a) you're not making improvements or (b) you're wasting time and resources tracking remediation work. 

The painful cost of tracking security remediation

How do your priority security issues go from discovered to fixed? Do you track security remediation tasks in your ticket system as part of your team's regular project workflow? And if so, what does it take to make that happen? How's that working for you?

When we posed these questions to security and engineering teams like yours, we got an earful! It was surprising to learn what so many of you are suffering through. After all, what you need seems simple: 

  1. Find misconfigurations and vulnerabilities in your infrastructure
  2. Identify which of these findings are most important to address
  3. Generate tickets/tasks/issues (with remediation instructions) in the project tracking system your team uses every day
  4. Automatically update tickets in your tracking system when your team fixes security issues

Yet so many companies invest in a security platform and immediately slam into one of these brick walls. The security platform:

  • Operates in a silo
  • Only integrates with one ticket system
  • Drowns them in redundant, low-priority, and irrelevant tickets
  • Only reports the problem, not the solution
  • Doesn't close tickets on fix
  • Doesn't create a ticket when drift occurs

Let's explore each of these challenges.

The security platform is a silo

It's mind-boggling how many security solutions simply build a massive list of issues for you to sort through. They might generate a report or export raw data, but anything you want to do with that data is your responsibility.

We frequently hear harrowing tales of security managers slogging through huge CSV files, searching for keywords, copying information one finding at a time and pasting it into GitLab Issues or ServiceNow, or emailing the information to Zendesk or Jira.

Other companies try closing the gap between their security and project tools by writing their own automation, known as glue code. Now they're stuck maintaining that code, updating it when their security platform or ticketing system releases breaking changes.

Buyer beware: One security software provider boasts that they have "automated vulnerability remediation." That turns out to be a button you can click to copy remediation instructions, which you can then paste into a ticket. No joke!

The security platform only integrates with one ticket system

If you choose a security solution that can add issues to only one ticket platform, you can find yourself facing a difficult choice when that ticket platform is no longer the best or only choice for your teams or no longer available to you: Do you force everyone to use the wrong ticket platform? Do you use the better ticket platform but devote resources to manually creating tickets or maintaining glue code?

We spoke with one team that adopted a security solution they could integrate with Jira. After weeks of effort deploying their new security software, it was smooth(ish) sailing for a few months—until their company replaced Jira with Zendesk. Now they've regressed to devoting 20-30 human hours each week to writing and maintaining security tickets.

The security platform drowns them in redundant, low-priority, and irrelevant tickets

The few security platforms that truly do programmatically add tickets to external tracking systems? Well, they create problems of their own. These are the ones we hear most:

  • The security tool creates a ticket for each issue it finds, regardless of relevance or priority
    Does a system that automates ticket creation seem like a smart idea? Just wait until you're flooded with thousands of tickets for issues that you don't care about.

    Most security tools treat every finding with the same level of importance, or have a simplistic method of prioritization that has little or nothing to do with your actual infrastructure and ignores any compensating controls in place. Do you really want tickets created to track fixing non-problems or items you probably won't fix? In addition to alert fatigue, you now have a whopping case of ticket fatigue!
  • Multiple assets with the same issue require multiple tickets
    Suppose you spin up five, fifty, or five hundred virtual machines from the same image. One misconfiguration in that image (SSH port open to the public, for example) gets replicated five, fifty, or five hundred times in your cloud environment.

    To track the issue in your ticket system, you have to generate five, fifty, or five hundred nearly identical tickets for what is really a single problem. It's up to you to manage all those tickets, and it's a headache.

The security platform only reports the problem, not the solution

Many security platforms just provide security criticism, not security solutions. They report the finding, often in a confusing or unclear way, and make remediation an unnecessary research challenge. 

Tickets that lack detailed risk information and precise remediation instructions require more work: Typically the security team and the engineers implementing fixes exchange a volley of questions and answers to clarify and appreciate the problem. This slows the process and can generate frustration for both teams.

The security platform doesn't close tickets when the issue is fixed

Some security solutions create a ticket in an external tracking system and then forget it. They don't maintain the ticket. When you remediate the problem, you have to find the ticket and manually close it. To us, that seems like half a solution.

The security platform doesn't create a ticket when drift occurs

Security practices and controls can deteriorate over time as your system configurations deviate from your established baselines. When an asset becomes more vulnerable to attack, that's security drift. 

To most security analysts, drift is something you always want to address. If your security platform can't automatically create a ticket when drift occurs, your security posture can deteriorate unnoticed.

Find and fix the security risks that pose the biggest threat to your business.


Fix issues faster with Mondoo's synchronized ticketing

In Mondoo, tickets turn security findings into tasks to complete. They integrate with your third-party ticketing system (your issue tracking or ITSM platform) to incorporate security remediation work into your team's existing workflow.

Mondoo creates tickets in the project tracking system you already use

When you see a priority security finding in Mondoo that requires fixing, you create a ticket for that finding. 

You choose the third-party software with which you want to synchronize the ticket, the project or repository where you want to create a ticket or issue, and add notes for the team. You can even include custom fields that your ticket system deployment requires.

When you save the Mondoo ticket, Mondoo creates a matching issue or ticket in your project/task management software. Mondoo can create:

  • Azure DevOps issues
  • GitHub issues
  • GitLab issues
  • Jira issues
  • Zendesk tickets
  • Email messages (and send them to your ticket system or to any destination)

In each third-party issue or ticket, Mondoo automatically includes the details of the issue, information about the asset(s) where it exists, notes, and remediation instructions. 

You choose priority issues to fix

Because it doesn't simply create a ticket for every security finding, Mondoo doesn't fill your ticket system with thousands of issues you don't care about. Instead, you choose only priority issues you want to focus on right now. 

But don't worry; that doesn't mean you have to sift through Mondoo findings unaided, picking priorities in a sea of data. Mondoo does the hard work of raising priorities to the surface for you. 

Mondoo considers threats and exposure to highlight findings that pose the greatest actual risk to your infrastructure. You can focus on the actions that most effectively increase your security. You can even customize how different contextual risks affect your prioritization. To learn more about Mondoo's prioritization capabilities, read our Mondoo Firewatch blog post.

As soon as you access your dashboard on the Mondoo Console, you see the most important findings that put your organization at risk.

Just click a finding to see its details. From there you can create a ticket to expedite and track the fix.

Create a single ticket for multiple assets with the same finding

If Mondoo discovers the same vulnerability advisory on 43 servers, you don't have to create 43 tickets to patch them. Mondoo can create a single ticket for multiple assets that share a security finding.

Create one ticket for all assets that share a finding, or choose which assets to include in a ticket. The issue Mondoo creates in your third-party ticket system lists all the assets you choose.

Progress tracking for each ticket in the Mondoo Console shows how many assets are fixed and the completion percentage. It also lists each asset in the ticket and shows its status.

Mondoo can automatically create a ticket when it detects drift

If you turn on drift detection, Mondoo automatically creates tickets for you to track and fix security drift. When an asset scan reveals a finding that didn't exist when the asset was last scanned, Mondoo flags the drift by creating a Mondoo ticket and a corresponding issue in the ticketing system you configured.

Even when it automatically creates drift tickets, Mondoo still doesn't flood your ticket system with issues. It waits for more scan results from other assets to come in before finalizing a drift ticket and generating a third-party issue. That pause gives Mondoo time to collect any more instances of the same drift (on different assets) and combine them in a single ticket.

You choose how long Mondoo waits for multiple assets with the same detected drift before creating an issue in your ticket system: anywhere from 1 to 24 hours.
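The drift logic described above, modeled as an added Python example (not Mondoo's code or API): a finding counts as drift when it is absent from the asset's previous scan, and drift on the same finding across assets is held for a configurable window and then emitted as one ticket. The class, method, asset, and finding names are hypothetical, the sample scans are constructed, and treating an asset's first scan as its baseline is an assumption.

```python
from datetime import datetime, timedelta


class DriftBatcher:
    """Holds newly appeared findings for a window, then emits one ticket per finding."""
    def __init__(self, hold_hours):
        if not 1 <= hold_hours <= 24:          # the page gives a 1-24 hour range
            raise ValueError("hold window must be between 1 and 24 hours")
        self.hold = timedelta(hours=hold_hours)
        self.last_scan = {}   # asset -> finding IDs seen in its previous scan
        self.pending = {}     # finding ID -> (first_seen, assets showing the drift)

    def ingest_scan(self, asset, findings, scanned_at):
        """Record a scan and queue findings that the previous scan did not have."""
        current = set(findings)
        previous = self.last_scan.get(asset)
        self.last_scan[asset] = current
        if previous is None:
            return set()      # assumption: an asset's first scan is its baseline
        drifted = current - previous
        for finding in drifted:
            _, assets = self.pending.setdefault(finding, (scanned_at, set()))
            assets.add(asset)
        for finding in previous - current:     # fixed again before the window closed
            if finding in self.pending:
                self.pending[finding][1].discard(asset)
        return drifted

    def flush(self, now):
        """Return one ticket per finding whose hold window has elapsed."""
        tickets = []
        for finding, (first_seen, assets) in sorted(self.pending.items()):
            if now - first_seen >= self.hold:
                if assets:
                    tickets.append({"finding": finding, "assets": sorted(assets)})
                del self.pending[finding]
        return tickets


def demo():
    t0 = datetime(2025, 1, 1, 8, 0)            # constructed timestamps and scans
    batcher = DriftBatcher(hold_hours=2)
    for asset in ("web-1", "web-2", "db-1"):
        batcher.ingest_scan(asset, {"tls-min-version"}, t0)
    drift = {"tls-min-version", "ssh-open-to-public"}
    batcher.ingest_scan("web-1", drift, t0 + timedelta(hours=1))
    batcher.ingest_scan("web-2", drift, t0 + timedelta(hours=2))
    early = batcher.flush(t0 + timedelta(hours=2))   # window still open
    late = batcher.flush(t0 + timedelta(hours=3))    # window elapsed
    return early, late
```

The window is measured from the first asset that shows the drift, so later assets with the same finding join the pending ticket instead of opening new ones.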

Remediation instructions are in the ticket to help operations teams

Historically, relationships between security and operations teams have been fraught with challenges. Clear communication and prioritization can smooth the friction between security and operations. You might be surprised by how much communication between the two teams takes place in tickets.

Operations teams love our tickets! When we designed them, we had in mind the engineers who fix the issues. They include everything needed to quickly address the problem:

  • Description of the finding
  • Specific assets on which to fix it
  • The check or advisory that is the source of the finding, with links to learn more
  • Scoring details that demonstrate the risk and impact of the problem
  • Detailed instructions for remediating advisories
  • Any added comments from the case creator

Mondoo tickets eliminate extensive research and the back-and-forth clarification that so many tasks require.

Mondoo automatically closes a ticket when the issue is fixed

Managing and tracking tickets can be almost as much labor as creating them. Mondoo does more of the work for you by automatically closing tickets when it detects that the issue is resolved. This optional feature saves time and keeps your ticketing platform synchronized with Mondoo. 

Mondoo ticketing saves you time, work, and friction

Mondoo is the security platform that actually helps you fix security issues. It does more than just find misconfigurations and vulnerabilities that threaten your infrastructure: Mondoo identifies the most important problems to fix, generates actionable tickets in the tracking system your team already uses daily, and closes those tickets for you when the issue is resolved. 

When you see the work that Mondoo saves your team, you'll be amazed that you survived so long without it. Mondoo frees security teams to strategize and plan for the future, and frees operations teams to design and create. It improves communication between these two teams and smooths their collaboration.

Stop doing things the hard way. Get Mondoo.

Letha Dunn

Letha has been writing about technology for more than thirty years. During the past decade, she’s focused on educating engineers about identity and access management, security, CI/CD, and project velocity. Letha lives in the Pacific Northwest, where she rescues and rehabilitates abused and neglected horses and dogs.
