Edgescan demonstrates its Web Application Security Testing solution can operate with unrivaled precision at massive scale.
About the Client
The enterprise is a leading diversified global entertainment and media conglomerate with subsidiaries and affiliates spread across content production and distribution, live experiences, and assorted international holdings. This client was seeking a new solution to scale their Application Security Testing (AST) program to cover 5,000 web applications across all of their corporate entities after existing solutions simply could not scale to the required level without sacrificing quality.
About Edgescan
Edgescan offers a continuous security testing and unified exposure management SaaS platform that manages thousands of assets across the globe for both enterprise and SME clients, helping them to continuously detect, prioritize, monitor, and fix security weaknesses for all web-facing and internal systems including web applications, websites, mobile apps, servers, firewalls, VPNs, or VoIP services. A team of analysts validates every vulnerability discovered on an assessment, creating a multi-step verification process for a solution that’s highly accurate and virtually free of false positives.
Onboarding
Edgescan quickly established a baseline security posture for all 5,000 web applications across all business units. Within 24 hours, 500 websites were onboarded, a process that can take weeks or months with other solutions. Within one month, Edgescan demonstrated that it could provide threat-detection accuracy at massive scale, and continued to do so as the client enterprise steadily grew and expanded its portfolio of applications that require scanning and monitoring.
The solution continued to provide accuracy under increased loads. In fact, Edgescan’s capacity exceeded the input requirements that this major multinational firm placed on the platform. Previously, the client had been unable to find a solution to handle the extremely large volume of throughput required for its business.
Continuous Assessment
Following the successful implementation of the Web Application Security Testing solution, the client chose to expand their Edgescan Platform service to include Penetration Testing as a Service (PTaaS). With a security perimeter established, the enterprise’s internal Security Team now wanted to probe their vulnerabilities from all angles on a rolling basis. Again due to the size of the firm, they’d struggled to secure penetration testing that was reliable at the required scale, even when they engaged the services of other third-party contractors.
Armed with intelligence secured from the DAST solution, Edgescan began to rank each of the enterprise’s systems in coordination with the client, promoting those that were of core importance to the organization—and those that presented critical risk—as priority targets for penetration testing. Because the testing was integrated with vulnerability assessment on one centralized platform, the enterprise could scale pen testing as required with maximal precision.
Outcome
Within 24 hours, Edgescan was able to onboard 500 websites, and within a month, the solution demonstrated it could provide accuracy across 5,000 web applications. Previously, without the Edgescan Solution, the client was assigning eight members of their security team to validate automated results. With Edgescan, they now assign just two members and deploy the remaining six staff for strategic activities.
With the success of the Web Application Security Testing solution, the firm sought out Penetration Testing as a Service, and the Edgescan Platform was able to deliver this additional solution at 50% of the cost of the client’s previous pen-testing services without sacrificing any coverage or accuracy. Typical pen testing from the firm’s internal teams saw their applications hacked after four hours of testing, but following Edgescan’s intervention—and with the team’s ability to find and fix those vulnerabilities in a more efficient manner—the typical pen test now requires over 48 hours to hack those same applications.
This enterprise has the budget and security acumen to effectively test all manner of security tools, from established services to the newest solutions. They can work with anyone, and each year, the Edgescan Platform is placed in a bake-off against competitors that are also vying to provide services to this client. In each of the past five years, Edgescan has conclusively won the bakeoff and continues to hold a strategic and trusted role in the overall Cyber Security Program for this sprawling international enterprise.