Prelude – integrating like services

Now that we have an understanding of how we can integrate a service's processes into the SOC's cognizance, let's explore how we can integrate a like service and achieve the same result.

The service most compatible with SCM is vulnerability management (VM). Just as SCM scans for non-compliance with a standard set of configurations, VM looks at the applications that exist on a system, checks whether they are up to date with their security patches, and reveals any vulnerabilities. The main difference is scope: if a Windows 7 baseline has 50 standard controls, SCM will check only those 50 controls on each system it scans, so the result is finite (50 controls multiplied by the number of systems). VM, however, looks at the OS and every application on a system. Unless each system has the same image and library of applications (from a VM or virtual application), the results will be more dynamic. We will get more into how we can standardize this in a later chapter.

Let's take a different view of these services using terms that we've learned in this chapter.

If we compact core process, discovery detection, Risk Mitigation, and security analysis for Security Configuration Management services, it would look as follows:

If we compact core process, discovery detection, Risk Mitigation, and security analysis for vulnerability management services, it would look as follows:

The critical part we are missing to enable communication to be passed between the two is Data Exposure and Sharing. As these are like services, we've discussed the concept of integrated reports because these services are scanning the same systems. I'm suggesting integrated reports because would you rather have two reports or one report that tells you what to fix on your systems? Honestly, I've run into so many stakeholders that have told me that they simply can't prioritize what to fix because the cyber security teams keep on sending them random reports... More on ideas for this later.
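The integrated report described above can be sketched as follows. This is an added example, not code from the book: the export layout, field names, host names, control IDs and the severity ordering are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample exports; the layout is an assumption, not a real scanner schema.
SCM_EXPORT = {
    "scanned_hosts": ["ws-001", "ws-002"],
    "findings": [
        {"host": "ws-001", "control": "W7-PASS-MINLEN", "status": "fail", "severity": "medium"},
        {"host": "ws-001", "control": "W7-FW-ENABLED", "status": "pass", "severity": "high"},
        {"host": "ws-002", "control": "W7-FW-ENABLED", "status": "fail", "severity": "high"},
    ],
}
VM_EXPORT = {
    "scanned_hosts": ["ws-001", "ws-003"],
    "findings": [
        {"host": "ws-001", "software": "ExampleReader 9.1", "issue": "missing security patch", "severity": "critical"},
        {"host": "ws-003", "software": "ExampleBrowser 52", "issue": "missing security patch", "severity": "high"},
    ],
}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}  # assumed ordering


def integrated_report(scm, vm):
    """Merge SCM and VM results into one fix list per host, most severe first."""
    report = defaultdict(lambda: {"fixes": [], "scanned_by": set()})
    for service, export in (("SCM", scm), ("VM", vm)):
        for host in export["scanned_hosts"]:
            report[host]["scanned_by"].add(service)
    for f in scm["findings"]:
        if f["status"] == "fail":  # passing controls need no action
            report[f["host"]]["fixes"].append(
                {"source": "SCM", "item": f["control"],
                 "action": "restore baseline setting", "severity": f["severity"]})
    for f in vm["findings"]:
        report[f["host"]]["fixes"].append(
            {"source": "VM", "item": f["software"],
             "action": f["issue"], "severity": f["severity"]})
    for entry in report.values():
        entry["fixes"].sort(key=lambda fix: SEVERITY_RANK[fix["severity"]])
        # A host seen by only one service is a gap in shared coverage.
        entry["coverage_gap"] = sorted({"SCM", "VM"} - entry["scanned_by"])
    return dict(report)


if __name__ == "__main__":
    for host, entry in sorted(integrated_report(SCM_EXPORT, VM_EXPORT).items()):
        print(host, "not scanned by:", entry["coverage_gap"] or "none")
        for fix in entry["fixes"]:
            print(f"  [{fix['severity']}] {fix['source']}: {fix['item']} -> {fix['action']}")
```

The `coverage_gap` field surfaces systems that only one of the two services scans, which matters because an integrated report assumes both services cover the same systems.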

Ultimately, what we are trying to achieve are two legs of the spider that can interact with each other to report to the body/head through Security State Analysis. This is depicted in the following diagram:
