A Major Health Insurance Provider

A midsize European nation’s largest health-insurance provider tapped Edgescan to streamline its penetration-testing practices with an eye on eliminating inefficiencies, automating its reporting processes, and gaining new visibility into security gaps in the attack surface.

 

About the Client

With roughly 2,500 employees across four branch offices and several sites, the company came to Edgescan with significant challenges around securing their systems, which include large-scale databases of sensitive patient records, financial data from hospitals and other facilities, and the firm’s own proprietary information.

This insurance provider’s internal security team sought a new solution for penetration testing, as its existing practices were burdened by a procurement process that created significant delays, ate up the security team’s time, and left visibility gaps. The team also wanted to automate their processes: prior to enlisting Edgescan, each quarterly pentest required security analysts to manually collate the results and log the findings onto a management platform to remediate them. Reports from different providers were received in PDF format, which made it harder for the insurance provider to compare metrics and build an efficient remediation pipeline.

 

About Edgescan

The Edgescan Platform features Penetration Testing as a Service (PTaaS), a hybrid solution that combines the breadth of automation with the depth of human assessment. As part of the platform’s Exposure Management Security as a Service (SaaS), the solution is integrated with advanced vulnerability management and cyber analytics to automatically validate risk, then rate that risk against a suite of threat feeds to prioritize remediation. PTaaS can be used for web application security, APIs, cloud assets, network devices, and more.

 



Onboarding

The insurance provider’s security team furnished Edgescan with account credentials and some key details about their systems. Then they sat back and watched as the platform was swiftly and seamlessly integrated into their operations. With the vision this provided into the firm’s wider network, Edgescan immediately began to monitor the full stack for any and all changes in the security environment and flag them in real time, including unapproved adjustments to user profiles, permissions, or protocols. Concurrently, the firm’s internal team gained access to the intuitive Edgescan dashboard as a base of operations for their security approach.

 

The PTaaS Difference

The unique intelligence behind the hybrid penetration-testing solution comes from a battle-hardened team of security experts with industry accreditations such as CREST, OSCP, and CEH. Their deep experience provides critical insight that dovetails neatly with the breadth and scope of the platform’s automated penetration testing services, which also yield an array of actionable analytics. This is where the Edgescan advantage comes into play.

PTaaS helps organizations better manage security risks, mitigate data breaches, and assure safe business continuity. Delivered as a service to offer greater scale, agility, and risk awareness, this type of assessment is essential for maintaining compliance with industry regulations and building top-of-the-line security frameworks.

 

Outcome

The firm’s approach to penetration testing was immediately streamlined, replacing a cumbersome process of onboarding testers on quarterly cycles—and manually assembling their findings—with Edgescan’s comprehensive service. The in-house security team gained “real visibility into previous gaps in [their] ability to secure systems” and huge improvements in reporting as they moved from manually gathering data to a fully automated and integrated approach. This enabled the team to make use of detailed metrics as they built an effective remediation pipeline to address vulnerabilities as they were identified. Combined with dramatically increased visibility into the attack surface, this yielded a vastly improved mean time to remediate (MTTR). The insurance provider successfully met security and compliance requirements and honored its commitment to protect customers’ sensitive data.