Reducing Mean Time to Patch (MTTP) by 50%

The Challenge

Justin and his team were frustrated. “It was difficult to manage our vulnerability tool due to the level of complexity required to operate it. We had to schedule many different scans, across different regions, across different assets and that was just the beginning. If the scan did not run, we would not have any data to act on. To add to it, it was hard for our team to retrieve the data to quickly identify and prioritize vulnerabilities without long discussions and planning, which delayed our mitigation timeline,” shared Justin.

The complexity of their previous system was proving to be a huge source of annoyance for Justin and team. Despite patching consistently, they found it difficult to validate if the patch they implemented did indeed mitigated the vulnerability and thus felt that they were in a constant reactive mode. The team needed an elegant solution that would enable them to implement continuous risk-based vulnerability management, accurately prioritize vulnerabilities for fixing, and ultimately help them in reducing their mean time to patch (MTTP).

It was difficult to manage our vulnerability tool due to the level of complexity required to operate it. We had to schedule many different scans, across different regions, across different assets and that was just the beginning…

Justin Le,
IT Director

Enter Balbix

The highly scalable Balbix Security Cloud enabled the Par Pacific team to reduce the complexity and make their cybersecurity posture management more efficient. “I was thrilled when I logged in to Balbix and saw the entire puzzle of our environment in one dashboard. The visibility of critical assets, the risk insights, the cool and futuristic sunburst charts, the risk score, the trends over time, and honestly, I can go on and on. But I think most important is the ability to see the complete picture of our assets and the vulnerabilities,” says Justin. With Balbix, they can:

• Get an up-to-date and comprehensive asset inventory
• Identify risk as it emerges by continuously assessing all enterprise assets for unpatched software; default, weak, or reused passwords; misconfigurations; encryption issues; and more
• Prioritize vulnerabilities based on risk and business criticality
• Assign risk owners for each open vulnerability/risk item and dispatch required action items to owners
• Quantify their cyber risk in dollars

I have a strong admiration for the Balbix team as you have developed a product that is very simple to manage and enables us to see our near real-time security posture. This has helped our team to effectively identify and prioritize vulnerabilities without the configuration of scans! We are a very nimble team, so we love the simplicity of the product.

Justin Le,
IT Director

Automating Cybersecurity Posture Management

“I have a strong admiration for the Balbix team as you have developed a product that is very simple to manage and enables us to see our near real-time security posture. This has helped our team to effectively identify and prioritize vulnerabilities without the configuration of scans! We are a very nimble team, so we love the simplicity of the product,” says Justin.

Par Pacific has around 3000 IT assets under management across 10 locations. Justin and his small, yet nimble, team appreciate the comprehensive visibility that Balbix has provided into their cybersecurity posture. “Daily, I log in to Balbix to understand our risk score and vulnerability posture. If I notice an anomaly within the dashboard, I drill down on the details to effectively retrieve and share data with the rest of the team for treatment,” says Justin.

Decreasing MTTP by 50%

The Balbix platform enables Par Pacific to get a real time asset inventory of their cloud and on-premise assets. Each asset is continuously monitored, and vulnerabilities are prioritized based on severity, threats, asset exposure, business criticality and existing security controls. Balbix offers the ability to define remediation groups for asset classes and business workloads, assign to risk owners, and follow up, which enables the security team to drive improvement on key metrics such as MTTP and risk.

“Within the Balbix dashboard, I can see IoT assets that were not reported with the previous tool. We continue to make great strides in patching our workstations as the MTTP has gone down from 104 days to 50 days,” Justin proudly declares.

We continue to make great strides in patching our workstations as the MTTP has gone down from 104 days to 50 days.

Justin Le,
IT Director

Simplifying Board Reporting

Board reporting has also been streamlined with the reporting and dashboards from Balbix. Justin views the Balbix support team as a trusted partner, and as an extension of his security team. “Quarterly, I partner with the Balbix support team (a smart and dedicated team, I must say!) to report and share data from Balbix to our executive and board members. Our mentality is that we cannot control outside threats, but we can control the weaknesses within our ecosystem. Balbix provides the extra manpower to help point our focus in the right direction,” says Justin.