Organizations use vulnerability scanning tools and third-party services to identify areas of risk across their networks. Understanding risk posture is a key element of an effective security solution.
These five case studies provide examples of organizations from different industries that utilize vulnerability scanning services from third parties.
Miles Technologies
Miles Technologies is a technology consultancy specializing in IT, software, marketing, and cybersecurity. One service they provide is identifying vulnerabilities for clients related to cybersecurity.
The company was seeking a more streamlined alternative to the approach it had been taking to scanning for vulnerabilities and creating progress reports for clients. The tools they had been using were not intuitive and took up a great deal of time.
Acunetix Premium, a vulnerability management tool, improved the way Miles Technologies was conducting vulnerability scanning on behalf of its clients. The company was able to reduce its time commitment to these projects from up to 10 days to fewer than three business days.
Other benefits include customization by clients and reports that include prioritized lists of vulnerability issues. Ultimately, Miles Technologies can deliver better reporting on vulnerabilities in a shorter amount of time with single-solution provider Acunetix compared with its previous, distributed approach.
“Acunetix is our vulnerability scanning tool of choice for situations where information security is a real concern and confidence in safety is key,” said JP Lessard, President of Software Services at Miles Technologies.
Industry: Technology consulting
Vulnerability scanning provider: Acunetix
Use case: Miles Technologies signed up with Acunetix to improve the way it delivers vulnerability scanning services to its consulting clients.
Read the Miles Technologies and Acunetix case study.
ISACA
ISACA, formerly known as Information Systems Audit and Control Association, is a non-profit international association focused on developing and adopting industry-leading best practices for IT governance, security, and information systems. The organization is huge, serving more than 140,000 members and professional ISACA certification holders across more than 180 countries. Members mostly include consultants, professionals, and educators.
ISACA faced a significant challenge when determining the best way to test vulnerabilities across its sprawling network, which included web applications and assets like login forms, user registration, online payment capabilities, multiple user portals, and tens of thousands of web pages. While the organization adheres to a best practice of using a staging environment for testing all code before it is pushed to live environments, the security team faced an uphill battle when it came to maintaining the integrity of every ISACA website, each of which needed routine maintenance and updating.
Previously, ISACA used open source tools and third-party consultations, which was a relatively unreliable and quite expensive solution. In order to thoroughly review every possible attack surface, ISACA needed a more automated approach to vulnerability scanning.
The Invicti Web Application Security Scanner was chosen by ISACA to automate its vulnerability assessments. ISACA selected Invicti because the Security Scanner provided clear explanations about imminent vulnerabilities, was able to assess vulnerabilities during different development stages, provided customization and automation, and was easy to use.
“Invicti was able to further define and explain the specific issues at hand,” an ISACA security team senior manager said. “It was also able to assist in the proof of concept for vulnerability assessments during development. It is very easy to use, thus allowing everyone in our team to cooperate. Of course, the ability to customize, scan, and automate the tasks was a big plus. Invicti helped us identify the areas to remediate before we migrated new code into the production environment.”
Vulnerability scanning provider: Invicti
Use case: ISACA partnered with Invicti to streamline and centralize the way it assessed web application vulnerabilities, improving on the disjointed, less thorough approach it had been taking.
Read the ISACA and Invicti case study.
Highmark Health Solutions
Highmark Health Solutions is a healthcare management technology provider that creates solutions, such as an integrated end-to-end administration platform for health plan customers and their combined 10 million members.
Because Highmark is a large enterprise, vulnerability management was a significant undertaking for its security operations team. While the company had established practices related to vulnerability management, there were concerns that the true level of risk was unknown.
The company partnered with CyLumena for an evaluation of their processes and overall vulnerability. CyLumena was able to identify process gaps and recommend areas for improvement through both a cybersecurity and Lean Six Sigma lens. Ultimately, Highmark achieved a stronger security posture and implemented a continuous improvement approach to its vulnerability management processes.
“Based on the interactions with CyLumena, I have found that their team is seasoned and professional, their findings are very insightful, and their recommendations can be put into action,” said Jason Martin, Manager of Vulnerability Governance at Highmark Health. “The thoroughness of their assessment and reporting processes has provided us with a basis for implementing improvements to our application security program. I can state with confidence that the results have been a success.”
Industry: Healthcare technology
Vulnerability scanning provider: CyLumena
Use case: To improve on its vulnerability management approach, Highmark Health Solutions hired CyLumena to review its processes, emerging with a more robust security posture and better vulnerability management.
Read the Highmark Health Solutions and CyLumena case study.
ING Wholesale Banking Ukraine
ING Bank, headquartered in Amsterdam, Netherlands, is part of the ING Group, a longstanding global financial corporation. ING Bank manages more than 63,000 employees and provides retail and commercial banking services to more than 32 million private, corporate, and institutional clients in more than 40 countries. ING Wholesale Banking Ukraine is a subsidiary of ING Group.
ING Bank Ukraine needed to protect online services against cyber attacks and wanted to identify its security weaknesses, especially those related to web applications. The company partnered with security consultancy Infopulse for this evaluation.
Infopulse provided a comprehensive plan to address ING Bank Ukraine’s security vulnerability posture. The solution included analysis of information from public resources, an audit of target web and application servers to uncover vulnerabilities, Black Box and White Box penetration testing, and controlled hacking of target systems by information security professionals to confirm identified vulnerabilities and uncover any undetected risks.
ING Bank Ukraine was pleased with the results. Alexander Matsera, Senior Officer of the Information and Operational Risk Management Department, said, “Nowadays the majority of processes in the banking sphere are computerized, and information systems security level is an important indicator of the reliability of a financial establishment. Paying particular attention to the protection of our clients’ and partners’ confidential information, ING Bank Ukraine regularly conducts security audits and chooses contractors carefully. Infopulse provided the security risks evaluation and presented the detailed recommendations on the improvement of our information systems’ security level.”
Vulnerability scanning provider: Infopulse
Use case: ING Bank Ukraine partnered with Infopulse to identify its security weaknesses, especially those related to web applications, and to protect its online services against cyber attacks.
Read the ING Bank and Infopulse case study.
Keesal, Young & Logan
Keesal, Young & Logan, a small international full-service business law firm, is based in Long Beach, California.
The firm needs to comply with information security regulations including HIPAA, HITECH, and evolving ABA standards. It is also committed to protecting sensitive data from outsider access. With a small IT staff, the firm was seeking an outsourced security solution to handle vulnerability scanning.
Digital Defense was selected as this outsourced security solution. The company provided vulnerability scanning and reported back with a prioritized list of potential vulnerabilities. The Digital Defense solution, called Vulnerability Lifecycle Management-Professional (VLM-Pro), was used to conduct host discovery and vulnerability scans on external and internal IP-based systems and networks. The scans proactively tested for known vulnerabilities as well as mainstream industry practice security configurations.
Justin Hectus, Director of Information, said, “We were committed to vulnerability scanning and securing our network, and we invested time in evaluating in-house scanning tools and managed solutions. DD’s scanning technology identified vulnerabilities in our network that were not seen by other scanning methods. DD’s managed solution not only identified weaknesses but also helped us prioritize them so that we could more effectively manage risks.”
Vulnerability scanning provider: Digital Defense
Use case: Keesal, Young & Logan selected Digital Defense as an outsourcing partner to manage its vulnerability scanning approach.
Read the Keesal, Young & Logan and Digital Defense case study.