Customers
Valvoline
Valvoline Can Now Identify Zero Days in Minutes and Accelerate Remediation with Cogent
How a national retail brand reduced manual security reporting and streamlined vulnerability remediation processes.
The Customer
Valvoline is a national automotive services company operating thousands of retail locations across the United States. The company handles customer payment data and operates point-of-sale systems across its retail footprint. Its vulnerability management program is responsible for protecting that environment against threats that move faster than human analysts can track manually.
The Challenge
Valvoline's scanning tools covered the known vulnerability landscape and provided broad visibility into servers, endpoints, cloud workloads, and store infrastructure. One problem was speed. When a new zero day or critical vulnerability was disclosed, scanner detection lagged by several days.
The software inventory had blind spots no single scanner could fill. To catch what scanners missed, the team relied on a threat intelligence workflow stitched together by hand across more than a dozen sources. Lower-risk vulnerabilities moved through an automated monthly patch cycle and the program kept pace there. But for anything requiring rapid identification and response, like a newly disclosed zero day that scanners hadn't picked up yet, the team was working against a structural delay they couldn't close with the tools they had.
The manual work downstream compounded the challenge: triaging findings across tools, resolving asset ownership, creating remediation tickets, tracking SLAs, and reporting to leadership. None of it was automated. Every remediation ticket was built by hand in ServiceNow. A routine cycle took 8-12 hours. Critical vulnerabilities required proof documents, evidence screenshots, and version validation for each team, a process that could take three full days and depended on extensive institutional knowledge.
After each Patch Tuesday cycle, the team waited 72 hours, then manually identified unpatched assets. Building straggler tickets, pulling proof of each missing patch, and validating that remediation was still needed added three days to every monthly cycle.
Hundreds of hours went into gathering data from vulnerability scanner dashboards, spreadsheets, and ServiceNow to build a single KPI presentation. Status updates posted to Confluence went unchecked by stakeholders, generating ad hoc follow-ups that consumed additional time.
The Solution
Valvoline deployed Cogent as the coordination and automation layer across their existing scanners and endpoint tools. Cogent ingests findings from their vulnerability scanners, cloud security platform, and endpoint detection tools, correlates them against asset data, and drives remediation through automated workflows. The security team stays in control of decisions. Cogent handles the investigation, remediation guidance, routing, and tracking.
The biggest shift was in how Valvoline responds to newly disclosed vulnerabilities. Cogent monitors threat intelligence feeds continuously, matches newly discovered vulnerabilities against Valvoline's actual asset inventory and SBOM. When a new critical vulnerability emerges, the platform assesses exploitability against the specific environment, giving Valvoline the opportunity to flag critical vulnerabilities to the right team at the right time.
That speed depends on accurate asset data underneath. Cogent's AI-driven correlation merges records across sources using hostname matching, agent IDs, and stable identifiers, eliminating duplicates that previously fragmented ownership and inflated asset counts. For the first time, the security team had a single, accurate view of their environment and its exposure surface.
For remediation, Cogent replaced manual ticket creation with an automated action queue. The security team reviews prioritized action plans and approves them. The platform creates ServiceNow tickets, routes work to the correct team based on codified ownership logic, and tracks progress against SLAs. Tribal knowledge is learned encoded in the system and applied consistently, with 80% of remediation assignment now automated across all teams.
For security risk reviews that previously took hours of pulling data across tools, the team uses Cogent's conversational reporting to produce complete assessments on demand, drawing from every connected source in their environment. When leadership asks where the program stands on a critical patch cycle, or what the exposure looks like for a newly disclosed vulnerability, the team gets a finished report in minutes instead of a half-day of data gathering.
The Results
Valvoline now has a vulnerability management program that operates at a scale its previous manual processes could not support. Detection, ticket creation, ownership resolution, and reporting now run through Cogent's automated workflows rather than consuming the bulk of each week in manual effort.
The threat intelligence workflow that consumed 1.5 hours of daily reading and one to two hours of multi-platform querying has been replaced by continuous automated monitoring that detects and assesses zero days within minutes of disclosure. The team identifies exposure to newly disclosed vulnerabilities before scanners have published detection signatures, closing the gap that previously left critical risks invisible for days.
Remediation cycles that previously took 8-12 hours end-to-end for routine patches, and up to three days for critical vulnerabilities, now complete much faster through an approval-based action queue. The security team reviews prioritized plans, and Cogent handles ticket creation, team routing, and SLA tracking. The routing logic that previously lived in informal documentation and institutional memory is codified and applied consistently across all remediation teams.
Hundreds of hours of manual report gathering have been replaced by automated, on-demand generation. Leadership gets current program status when they ask rather than waiting for a hand-built presentation every four weeks. Security risk reviews that previously took hours of cross-tool data pulls are now produced on demand through Cogent's conversational reporting.
Underneath all of it, Cogent's asset correlation merges records across the team's scanning, cloud, and endpoint tools, eliminating duplicates that previously fragmented ownership. The security team now operates from a single, accurate view of their environment.
