SSVM Platinum Case Study

Introduction

Secutor’s Signature Vulnerability Management (SSVM) system is a holistic, risk-based approach to Vulnerability Management that places emphasis on using network security architecture in combination with the award-winning QualysGuard platform to identify critical attack vectors and prioritize vulnerability remediation. We help our clients find the “needle in a haystack”: the risks and vulnerabilities that offer malicious entities the path of least resistance into their secured network.

In combination with GRC for Risk Analysis, Compliance Assessment, and Incident Management, SSVM is a comprehensive solution that serves as a solid foundation upon which a successful cybersecurity can be built.

Situation

A large multi-national SaaS business with more than 50,000 clients, managing nearly 1,500,000 assets in over 70 countries had renewed its focus on cybersecurity and their customers were starting to demand that they provide proof of compliance with a variety of policies and regulations. The new CISO faced a nearly overwhelming challenge to provide the executive board with an overview of the state of their network security: its strengths, weaknesses, compliance with internal and customer-driven policies and metrics to show progress towards achieving their goals of better protecting their IP and customer data.

Challenges

Secutor reviewed and rapidly identified their most pressing challenges, which included:

  • Ad-hoc vulnerability assessments with limited reporting
  • They were critically short-handed on staff with the time and knowledge to implement a Vulnerability Management program
  • No easy way to track vulnerabilities from detection through remediation
  • No up-to-date asset or software inventory
  • Lack of metrics and KPIs to track progres
  • Legacy, internationally distributed network with no current network diagrams
  • A new virtual network infrastructure project running in parallel
  • Lack of effective communication between the network, IT, and security teams

Services Provided

Secutor Cybersecurity experts collaborated with the customer’s IT Security team to provide the following services:

1.
Gap
Analysis

Reviewed the existing security policies and procedures to identify areas for improvement or refinement.

2.
Network Security Architecture Audit

Analyzed every layer 3 network device to build a complete picture of all possible access vectors in to, out of, and within the network.

3.
Continuous Vulnerability Management

Designed and implemented a comprehensive solution around Qualys where scans, ticketing, and reports were optimized and automated.

4.
Vulnerability Prioritization

Merged the network security architecture audit with Qualys scans to identify the highest priority vulnerabilities: the ones exposed to threat sources.

5.
Metrics

Identified usable and understandable metrics that were the most important to the customer and automated them, for the CISO and her team to have continuously updated action items.

6.
Governance, Risk, Compliance

Drafted Vulnerability Management and Remediation policies and procedures.

7.
Integration

Used the Qualys API to integrate with Allgress and ServiceNow for ticketing and asset management.

8.
Training

Provided knowledge transfer to ensure a smooth transition of the new systems and processes to the customer’s staff.

Summary

Secutor helped this customer improve their security posture and significantly reduce risk by:

Identifying all 101,000 internal IP addresses on their network, answering the question: “Am I comprehensively detecting and remediating vulnerabilities in the entirety of my computing environment?”

Obtain a continuously updated asset and software inventory of all 5,000 networked devices, answering the question: “Do I know what I need to protect?”

Focus on the 10 highest severity vulnerabilities out 70,000 “high priority” vulnerabilities that Qualys identified, answering the question: “Do I have the right prioritization in my remediation program?”

Track improvements in information security, answering the question: “Am I getting a Return on Investment from my information security program?”

About Secutor

Secutor Cybersecurity is a trusted partner comprised of industry leading experts in the fields of Cybersecurity and Governance, Risk and Compliance. We partner with our clients to deliver on-demand solutions tailored to expertly navigate the regulatory demands of their specific industries.

Our proven track record of successfully exceeding client expectations is achieved through the combination of our methodical approach, advanced technologies, subject matter experts, and synergy with client team members.

Secutor is your team of world-class problem solvers with vast expertise and experience delivering complete solutions keeping your organization protected, audit-ready, and running smoothly.

LEARN MORE
SCHEDULE A CONSULTATION
VIEW NEWS
VIEW CASE STUDIES
Archives

Enjoyed this Content?

Share this story on social media!

Keep Your Network Protected.

Reach out today to learn how Secutor can help your business stay protected.
SCHEDULE A CONSULTATION

Services

STANDARD SERVICES

#

MANAGED SERVICES

Information

INSIDER DIRECT
ABOUT
OUR PARTNERS
FAQS
JOIN OUR TEAM
CASE STUDIES
NEWS

Contact

PHONE
(+1) 682 312-3990
EMAIL
INFO@SECUTORIS.COM
Linkedin
© 2024 SECUTOR CONSULTING, LLC.   |   All Rights Reserved   |   Privacy Policy   |   Designed by Rivetry
Scroll to Top

Introducing:
Secutor Insider Direct

Discover a new era in cybersecurity purchasing. No markups, no hidden fees. Just the right tools at the right price, tailored to your needs, with expert advice from our seasoned cybersecurity professionals.

ENROLLMENT IS NOW OPEN - LEARN MORE

Ready to Find Your Solution?

Use the form to schedule a consultation, and we’ll reach out within 48 hours to confirm the appointment.

Considering this delay, please only select meeting dates 48 hours or more in advance. Your information will only be used to facilitate a meeting.