5 Top Vulnerability Management Case Studies

Enterprise Storage Forum content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Hackers and cyber-criminals can exploit any weakness in a business’s security posture, from misconfigurations to outdated software security and weak access management. Seemingly small vulnerabilities can cost the loss of critical business data if they are not addressed in time. This is where vulnerability management helps safeguard sensitive data by identifying and fixing vulnerabilities and reducing a business’s attack surface.

See below for five case studies on how organizations across different industries are employing vulnerability management solutions to help solve their network security challenges:

1. Domestic & General

For over 110 years, Domestic & General has been involved with the care, maintenance and aftercare of consumer electronics and domestic products. Today, it is a leading provider of home appliance protection with more than 3,000 employees spanning across 11 international markets, including Spain, Germany,  Portugal, Italy, Australia, France and the USA. The firm attends to approximately 23 million appliances and 16 million customers annually.

With its growing customer base and increasing digitization, the company felt the need to strengthen its cybersecurity measures. Domestic & General needed a vulnerability management platform that could respond to its hybrid model and offer solutions to scale. The organization was looking for a product that could provide proactive measures and also increase visibility.

Domestic & General deployed Rapid7’s Platform InsightVM to secure its endpoints and protect end-users across its various offices. The vulnerability management solution’s easy-to-use interface allowed Domestic & General to shift cybersecurity from the subsection of technology and integrate it into the day-to-day business processes.

 “Digesting complicated, fast-moving data is easier. And that’s really important in this world. If stuff is happening, the ability to quickly digest large data sets and figure out what’s real is critical. Rapid7 stood out on that front,” said Phil, Chief Information Officer at Domestic & General.

Industry: Electronics
Vulnerability Management provider: Rapid7

Outcomes:

  • Integrated cybersecurity into regular business operations.
  • Increased company productivity and overall visibility.
  • Reduced costs spent on employing a large team of security professionals.

2. Pantarijn

Founded in 1995, Pantarijn was created from a merger of Het Wagenings, the Rhenen-Betuwe School Community and the School for Technical and Service Professions in Wageningen. Today, the school is spread across 6 different locations with an international transition class in Wageningen, and believes in a dynamic model of learning that seamlessly connects all its school locations. With over 2,700 students enrolled in this institution, Pantarijn promotes a fluid system of education.

The IT security team at Pantarijn felt the need to strengthen its cybersecurity posture in order to keep student’s information safe and prevent disruption and financial loss. With a clear context on data security, the team at Pantarijn required a better overview of the personal data processing, systems and software.

Holm Security’s Vulnerability Management Platform was deployed by the institution to have a clear understanding of vulnerabilities and to better address the existing security issues.

Holm Security’s automated software allowed Pantarijn to improve its security measures without incurring an exponentially high investment cost. The vulnerability management platform provided better comprehension of the vulnerabilities present while also reducing Pantarijn’s attack surface by initiating periodic scans. Routine scans enabled the organization to detect weak areas and compromised equipment so teams could better evaluate the potential risks.

“Having a vulnerability management solution gives a clear picture of the security level of scanned servers and networks. It’s very useful, especially for an organization that does not have a full-time employee focused on this part of ICTs,” said Steff Otten, ICT Manager at Pantarijn.

Industry: Education 
Vulnerability management provider: Holm Security

Outcomes:

  • Proactive cyber security measures.
  • A comprehensive view of vulnerabilities.
  • Routine automated scans.

3. Broadway Bank

Founded in 1941, Broadway Bank was one of the first community banks of San Antonio, Texas. Today, the bank has branches across 35 locations and takes care of 600+ employees.

Broadway decided to opt for a vulnerability management solution for a number of reasons. Since banks do not have direct access to most of their endpoints, securing these endpoints is a complex task. With the bank staff, depositors and loan takers constantly connecting to the network every day, Broadway’s sensitive data was left vulnerable to cyber attacks. Moreover, with the increasing number of cyber attacks on banks and the fintech industry, Broadway felt the need to improve its security posture.

Leveraging Digital Defense’s Frontline vulnerability manager (VM) enabled Broadway to improve its data security by efficiently identifying internal and external vulnerabilities at risk of being exploited by hackers. Frontline VM identified trends as well as outliers through an analysis of the aggregated data. This technique helped generate quicker and more accurate results, allowing the security team to act on any potential weak spots. Having a vulnerability management solution allowed Broadway to have a more complete understanding of its system issues despite the challenge of the unknown endpoints.

“An effective security program is multifaceted and its success relies on people, technology, education and thoroughly-vetted processes and procedures to adapt to the ever-changing cyber threat landscape. Vulnerability management plays a critical role in Broadway Bank’s defense in depth approach to security — a tremendous value to IT and Enterprise Risk Management staff — and ultimately to the bank’s entire customer base,” said Sonny Montiel from Broadway Bank.

Industry: Banking
Vulnerability management provider: Digital Defense

Outcomes:

  • Quick, actionable scan reports.
  • Reduced false positives.
  • Easy asset prioritization for remediation.

4. Lifecell

Lifecell, previously known as Life:), is the third-largest mobile telephone network operator in Ukraine. The company has over 1,000 employees and has created more than 50,000 jobs and thousands of affiliated partners. The telecom firm caters to 8.7 million prepaid and contract subscribers, accounting for 96.4% of Ukraine’s population.

Lifecell had initially relied on open-source vulnerability managers to run periodic scans. Even though the systems were secure, the solution lacked an automated process. The firm needed a more effective and measurable vulnerability management solution that could manage critical data.

Lifecell deployed Qualys Vulnerability Management to offer more comprehensive security solutions. The VM did an in-depth network discovery and mapping, which produced reports of vulnerability assessment, asset prioritization and remediation tracking. The Lifecell team, with the VM, identified and helped remedy system errors and software flaws that ended up being misused during cyber attacks.

“Our current vulnerability management covers all critical corporate IT assets and Web applications. Also, our corporate network edge can now defend possible external risks, including such important network components as routing devices and firewalls,” said Andriy Zhelo, manager of the information security management unit at Lifecell.

Industry: Telecommunications
Vulnerability management provider: Qualys

Outcomes:

  • Streamlined workflow for vulnerability management.
  • Accurate and reliable scans.
  • Comprehensive reports with the insight to remediate the most pressing concerns first.

5. Compassion International

Spread across 25 countries, Compassion International has helped free 2 million people from poverty. The organization works to support severely impoverished children — some of them living on less than $2 a day.

As an organization with a vast setup, Compassion International’s globally scattered network carries critical data that needs to be kept secure. The nonprofit organization has sensitive information about the children served through the organization as well as personally identifiable information (PII) of over 1.5 million donors and 30,000 volunteers across the globe.

With several offices worldwide, Compassion International needed a vulnerability management solution that could consolidate all their security concerns under one umbrella and provide a global picture of the security posture of the organization. In order to keep up with the newer technology, Compassion International wanted a vulnerability management platform that supported cloud services and web apps. Moreover, it needed a solution that could easily integrate data on vulnerabilities with business platforms already in use.

Given these requirements, Tenable.io was chosen as the organization’s vulnerability management solution. The cloud-backed VM enabled data to be managed from a centralized location, freeing up the network for other tasks. Its active scanners and passive network monitoring provided a complete view of the vulnerabilities across regions.

“Tenable has allowed us to leapfrog the maturity of our vulnerability management program. It’s better than any other solution that we’ve used,” said Brian Rhodes, senior director of cybersecurity at Compassion International.

Industry: Non-Profit Organization
Vulnerability Management provider: Tenable.io

Outcomes:

  • Centralized vulnerability management.
  • Increased visibility and coverage.
  • Seamless integration of vulnerability into existing IT systems.

Learn more about current top vulnerability management trends.

Avya Chaudhary
Avya Chaudhary
Avya Chaudhary is a contributor to Enterprise Storage Forum and Datamation. Previously she was an engineer with a history of experience working with NGOs and civil societies.

Get the Free Newsletter!

Subscribe to Cloud Insider for top news, trends, and analysis.

Latest Articles

15 Software Defined Storage Best Practices

Software Defined Storage (SDS) enables the use of commodity storage hardware. Learn 15 best practices for SDS implementation.

What is Fibre Channel over Ethernet (FCoE)?

Fibre Channel Over Ethernet (FCoE) is the encapsulation and transmission of Fibre Channel (FC) frames over enhanced Ethernet networks, combining the advantages of Ethernet...

9 Types of Computer Memory Defined (With Use Cases)

Computer memory is a term for all of the types of data storage technology that a computer may use. Learn more about the X types of computer memory.