How Vulnerability Scanning is Used by 5 Top Organizations: Case Studies


Organizations use vulnerability scanning tools and third-party services to identify areas of risk across their networks. Understanding risk posture is a key element of an effective security solution.

These five case studies provide examples of organizations from different industries that utilize vulnerability scanning services from third parties.

Miles Technologies

Miles Technologies is a technology consultancy specializing in IT, software, marketing, and cybersecurity. One service it provides is identifying cybersecurity vulnerabilities for clients.

The company was seeking a more streamlined alternative to the approach it had been taking to scanning for vulnerabilities and creating progress reports for clients. The tools they had been using were not intuitive and took up a great deal of time.

Acunetix Premium, a vulnerability management tool, improved the way Miles Technologies was conducting vulnerability scanning on behalf of its clients. The company was able to reduce its time commitment to these projects from up to 10 days to fewer than three business days.

Other benefits include customization by clients and reports that include prioritized lists of vulnerability issues. Ultimately, Miles Technologies can deliver better reporting on vulnerabilities in a shorter amount of time with single-solution provider Acunetix compared with its previous, distributed approach.

“Acunetix is our vulnerability scanning tool of choice for situations where information security is a real concern and confidence in safety is key,” said JP Lessard, President of Software Services at Miles Technologies.

Industry: Technology consulting

Vulnerability scanning provider: Acunetix

Use case: Miles Technologies signed up with Acunetix to improve the way it had been conducting vulnerability scanning for its consulting clients.

Read the Miles Technologies and Acunetix case study.


ISACA

ISACA, formerly known as Information Systems Audit and Control Association, is a non-profit international association focused on developing and adopting industry-leading best practices for IT governance, security, and information systems. The organization is huge, serving more than 140,000 members and professional ISACA certification holders across more than 180 countries. Members mostly include consultants, professionals, and educators.

ISACA faced a significant challenge when determining the best way to test vulnerabilities across its sprawling network, which included web applications and assets like login forms, user registration, online payment capabilities, multiple user portals, and tens of thousands of web pages. While the organization adheres to a best practice of using a staging environment for testing all code before it is pushed to live environments, the security team faced an uphill battle when it came to maintaining the integrity of every ISACA website, each of which needed routine maintenance and updating.

Previously, ISACA used open source tools and third-party consultations, which was a relatively unreliable and quite expensive solution. In order to thoroughly review every possible attack surface, ISACA needed a more automated approach to vulnerability scanning.

The Invicti Web Application Security Scanner was chosen by ISACA to automate its vulnerability assessments. ISACA selected Invicti because the Security Scanner provided clear explanations about imminent vulnerabilities, was able to assess vulnerabilities during different development stages, provided customization and automation, and was easy to use.

“Invicti was able to further define and explain the specific issues at hand,” an ISACA security team senior manager said. “It was also able to assist in the proof of concept for vulnerability assessments during development. It is very easy to use, thus allowing everyone in our team to cooperate. Of course, the ability to customize, scan, and automate the tasks was a big plus. Invicti helped us identify the areas to remediate before we migrated new code into the production environment.”

Industry: Non-profit

Vulnerability scanning provider: Invicti

Use case: ISACA partnered with Invicti to streamline and centralize the way it assessed web application vulnerabilities, improving on the disjointed, less thorough approach it had been taking.

Read the ISACA and Invicti case study.

Highmark Health Solutions

Highmark Health Solutions is a healthcare management technology provider that creates solutions, such as an integrated end-to-end administration platform for health plan customers and their combined 10 million members.

For a large enterprise like Highmark, vulnerability management was a significant undertaking for the security operations team. While the company had established practices related to vulnerability management, there were concerns that the true level of risk was unknown.

The company partnered with CyLumena for an evaluation of their processes and overall vulnerability. CyLumena was able to identify process gaps and recommend areas for improvement through both a cybersecurity and Lean Six Sigma lens. Ultimately, Highmark achieved a stronger security posture and implemented a continuous improvement approach to its vulnerability management processes.

“Based on the interactions with CyLumena, I have found that their team is seasoned and professional, their findings are very insightful, and their recommendations can be put into action,” said Jason Martin, Manager of Vulnerability Governance at Highmark Health. “The thoroughness of their assessment and reporting processes has provided us with a basis for implementing improvements to our application security program. I can state with confidence that the results have been a success.”

Industry: Healthcare technology

Vulnerability scanning provider: CyLumena

Use case: To improve on its vulnerability management approach, Highmark Health Solutions hired CyLumena to review its processes, emerging with a more robust security posture and better vulnerability management.

Read the Highmark Health Solutions and CyLumena case study.

ING Wholesale Banking Ukraine

ING Bank, headquartered in Amsterdam, Netherlands, is part of the ING Group, a longstanding global financial corporation. ING Bank manages more than 63,000 employees and provides retail and commercial banking services to more than 32 million private, corporate, and institutional clients in more than 40 countries. ING Wholesale Banking Ukraine is a subsidiary of ING Group.

ING Bank Ukraine needed to protect online services against cyber attacks and wanted to identify its security weaknesses, especially those related to web applications. The company partnered with security consultancy Infopulse for this evaluation.

Infopulse provided a comprehensive plan to address ING Bank Ukraine’s security vulnerability posture. The solution included analysis of information from public resources, an audit of target web and application servers to uncover vulnerabilities, Black Box and White Box penetration testing, and controlled hacking of target systems by information security professionals to confirm identified vulnerabilities and uncover any undetected risks.

ING Bank Ukraine was pleased with the results. Alexander Matsera, Senior Officer of the Information and Operational Risk Management Department, said, “Nowadays the majority of processes in the banking sphere are computerized, and information systems security level is an important indicator of the reliability of a financial establishment. Paying particular attention to the protection of our clients’ and partners’ confidential information, ING Bank Ukraine regularly conducts security audits and chooses contractors carefully. Infopulse provided the security risks evaluation and presented the detailed recommendations on the improvement of our information systems’ security level.”

Industry: Banking

Vulnerability scanning provider: Infopulse

Use case: ING Bank Ukraine partnered with Infopulse to identify its security weaknesses, especially those related to web applications, and to protect its online services against cyber attacks.

Read the ING Bank and Infopulse case study.

Keesal, Young & Logan

Keesal, Young & Logan, a small international full-service business law firm, is based in Long Beach, California.

The firm needs to comply with information security regulations including HIPAA, HITECH, and evolving ABA standards. It is also committed to protecting sensitive data from outsider access. With a small IT staff, the firm was seeking an outsourced security solution to handle vulnerability scanning.

Digital Defense was selected as this outsourced security solution. The company provided vulnerability scanning and reported back with a prioritized list of potential vulnerabilities. The Digital Defense solution, called Vulnerability Lifecycle Management-Professional (VLM-Pro), was used to conduct host discovery and vulnerability scans on external and internal IP-based systems and networks. The scans proactively tested for known vulnerabilities as well as mainstream industry practice security configurations.

Justin Hectus, Director of Information, said, “We were committed to vulnerability scanning and securing our network, and we invested time in evaluating in-house scanning tools and managed solutions. DD’s scanning technology identified vulnerabilities in our network that were not seen by other scanning methods. DD’s managed solution not only identified weaknesses but also helped us prioritize them so that we could more effectively manage risks.”

Industry: Legal

Vulnerability scanning provider: Digital Defense

Use case: Keesal, Young & Logan selected Digital Defense as an outsourcing partner to manage its vulnerability scanning approach.

Read the Keesal, Young & Logan and Digital Defense case study.


Sarah Hunt
Sarah Bricker Hunt covers wide-ranging topics for various audiences, including tech-focused features on data privacy, telecom, corporate and consumer technology trends, and more. Hunt's work is frequently featured in print publications, B2B and B2C trade journals, and numerous high-profile websites.
