Customers
Valvoline
Valvoline Instant Oil Change Can Now Identify Zero Days in Minutes and Accelerate Remediation with Cogent
How a national retail brand reduced manual security reporting and streamlined vulnerability remediation processes.

The Customer
Valvoline Instant Oil Change is a national automotive services company operating thousands of retail locations across the United States. The company operates point of sale systems across its retail footprint. Its vulnerability management program’s focus is to prevent customer PII theft and ensure seamless operation of store services and equipment that is used.
The Challenge
Valvoline's scanning tools covered the known vulnerability landscape and provided broad visibility into servers, endpoints, cloud workloads, and store infrastructure. One problem was speed. When a new zero day or critical vulnerability was disclosed, scanner detection lagged by or up to several days or with some zero-days not even having scanning profiles created by the vendors.
The software inventory had blind spots no single scanner could fill. To catch what scanners missed, the team relied on a threat intelligence workflow stitched together by hand across more than a dozen sources. Lower-risk vulnerabilities moved through an automated monthly patch cycle and the program kept pace there. But for anything requiring rapid identification and response, like a newly disclosed zero day that scanners hadn't picked up yet, the team was working against a structural delay they couldn't close with the tools they had.
The manual work downstream compounded the challenge: triaging findings across tools, resolving asset ownership, creating remediation tickets, tracking SLAs, and reporting to leadership. Only some of the process was automated. Every remediation ticket was built by hand in ServiceNow. A routine cycle took 8-12 hours. Critical vulnerabilities required proof documents, evidence screenshots, and version validation for each team, a process that could take three full days as well as a lot of back and forth between Info Sec and the remediation team before validated.
After each patch maintenance window, the team waited 72 hours, then manually identified unpatched assets. Building straggler tickets, pulling proof of each missing patch, and validating that remediation was still needed added three days to every monthly cycle.
Hundreds of hours went into gathering data from vulnerability scanner dashboards, spreadsheets, and ServiceNow to build a single KPI presentation. There was a lack of stakeholder review of vulnerabilities tools, generating ad hoc follow-ups that consumed additional time.
The Solution
Valvoline deployed Cogent as the coordination and automation layer across their existing scanners and endpoint tools. Cogent ingests findings from their vulnerability scanners, cloud security platform, and endpoint detection tools, correlates them against asset data, and drives remediation through automated workflows. The security team stays in control of decisions. Cogent handles the investigation, remediation guidance, routing, and tracking.
The biggest shift was in how Valvoline responds to newly disclosed vulnerabilities. Cogent monitors threat intelligence feeds continuously, matches newly discovered vulnerabilities against Valvoline's actual asset inventory and SBOM. When a new critical vulnerability emerges, the platform assesses exploitability against the specific environment, giving Valvoline the opportunity to flag critical vulnerabilities to the right team at the right time.
That speed depends on accurate asset data underneath. Cogent's AI-driven correlation merges records across sources using hostname matching, agent IDs, and stable identifiers, eliminating duplicates that previously fragmented ownership and inflated asset counts. Valvoline previously used an asset inventory platform, which they spent months tuning to become a source of truth; Cogent was able to provide the same source of truth in days, via the AI-driven correlation.
For remediation, Cogent will be replacing manual ticket creation with an automated action queue. The security team reviews prioritized action plans and approves them. Cogent is able to create ServiceNow tickets, routes work to the correct team based on codified ownership logic, and track progress against SLAs. Tribal knowledge will be learned and encoded in the system and applied consistently. Currently, Valvoline is estimating that Cogent will be able to automate about 80% of remediation assignments across teams.
For security risk reviews that previously took hours of pulling data across tools, the team uses Cogent's conversational reporting to produce complete assessments on demand, drawing from every connected source in their environment. When leadership asks where the program stands on a critical patch cycle, or what the exposure looks like for a newly disclosed vulnerability, the team gets a finished report in minutes instead of a half-day of data gathering.
The Results
Valvoline now has a vulnerability management program that operates at a scale its previous manual processes could not support. Detection, ticket creation, ownership resolution, and reporting now run through Cogent's automated workflows rather than consuming the bulk of each week in manual effort.
The threat intelligence workflow that consumed 1.5 hours of daily reading and one to two hours of multi-platform querying has been replaced by continuous automated monitoring that detects and assesses zero days within minutes of disclosure. The team identifies exposure to newly disclosed vulnerabilities before scanners have published detection signatures, closing the gap that previously left critical risks invisible for days.
Disclosing findings to remediation teams used to take 8-12 hours at best, sometimes longer. With Cogent, Valvoline cut that in half with reviewing, proofing, and notifying teams taking 4-6 hours maximum.
The security team reviews prioritized plans, and Cogent handles ticket creation, team routing, and SLA tracking. The routing logic that previously lived in informal documentation and institutional memory is codified and applied consistently across all remediation teams.
Hundreds of hours of manual report gathering have been replaced by automated, on-demand generation. Leadership gets current program status when they ask rather than waiting for a hand-built presentation every four weeks. Security risk reviews that previously took hours of cross-tool data pulls are now produced on demand through Cogent's conversational reporting.
Underneath all of it, Cogent's asset correlation merges records across the team's scanning, cloud, and endpoint tools, eliminating duplicates that previously fragmented ownership. The security team now operates from a single, accurate view of their environment.

