Acuity Brands Boosts Security with Vulnerability-Identification and Response Program Via New Product Security Incident Response Team (PSIRT)

  • 05-NOV-2018

Acuity Brands Boosts Security with Vulnerability-Identification and Response Program Via New Product Security Incident Response Team (PSIRT)

ATLANTA – November 1, 2018  Acuity Brands, Inc. (NYSE: AYI) today announced the formation of a Product Security Incident Response Team (PSIRT), which will supplement existing security programs by coordinating stakeholder interests regarding security concerns that potentially impact connected products and cloud-based infrastructure. All Acuity Brands products containing a software component in their use, maintenance or management will be serviced by PSIRT. Additionally, the team will manage the receipt, investigation and notification procedure with an extended group of collaborators which may include customers, consultants, security researchers, academic institutions and other vendors.

PSIRT provides a proactive and centralized approach for security concerns arising from the increasingly digital market. This approach is designed to reduce the response time for releasing patches for security vulnerabilities and to improve the security posture of Acuity Brands technology-based products and services.

The following figure provides a high-level view of the product security response process.

  • Awareness:  information is received regarding a potential security vulnerability
  • Triage: the report is validated, prioritized, and resources identified
  • Analysis:  impact assessment is conducted, and remediation plan developed
  • Coordination: all collaborators are made aware of the timelines
  • Remediation: fixes are released, and cloud-based services are updated
  • Notification:  affected customers are notified
  • Feedback:  post-remediation activities are performed

“To continually improve our best practices, Acuity Brands has joined the Forum of Incident Response and Security Teams (FIRST), which fosters cooperation and coordination in incident prevention, stimulates rapid reaction to incidents, and promotes information sharing among members and the community at large,” said Mark-David McLaughlin, Director of Security and Risk Management, Acuity Brands Lighting. “FIRST’s documentation and the ISO 30111 standard were used as references for the development of the PSIRT program.”     

PSIRT will be focused on, but not limited to, the products sold under the following brands: AtriusTM, Dark To Light® (DTL), DGLogik, Distech Controls®, eldoLED®, Fresco™, Holophane®, IOTA®, Lucid®, LC&D™, nLight®, nLight® AIR, ROAM®, Sensor Switch®, Synergy®, and XPoint™ Wireless. Integral to this effort is an enhanced customer communication strategy that includes security bulletins and a dedicated contact.  For timely updates, please subscribe to our security bulletins.


About Acuity Brands

Acuity Brands, Inc. (NYSE: AYI) is the North American market leader and one of the world’s leading providers of lighting and building management solutions. With fiscal year 2018 net sales of $3.7 billion, Acuity Brands currently employs approximately 13,000 associates and is headquartered in Atlanta, Georgia with operations throughout North America, and in Europe and Asia. The Company’s products and solutions are sold under various brands, including Lithonia Lighting®, Holophane®, Peerless®, Gotham®, Mark Architectural Lighting™, Winona® Lighting, Juno®, Indy™, Aculux®, Healthcare Lighting®, Hydrel®, American Electric Lighting®, Antique Street Lamps™, Sunoptics®, Distech Controls®, nLight®, ROAM®, Sensor Switch®, Power Sentry®, IOTA®, Atrius™ and Lucid®. Visit us at www.acuitybrands.com.

Previous Article
DGLogik DGLux Server Directory Traversal Vulnerability
DGLogik DGLux Server Directory Traversal Vulnerability

The DGLux Server contains a directory traversal vulnerability within the REST API component. The vulnerabi...

Next Article
Acuity Brands Commitment to Cybersecurity Protection
Acuity Brands Commitment to Cybersecurity Protection

As cyber attacks escalate on businesses and governments, Acuity Brands continues to refine and harden the s...