Search
A Healthcare Pharmaceutical Firm

In a highly regulated industry, maintaining proper security posture while acquiring other firms and their portfolios of web-facing assets requires best-in-class vulnerability management.

 

About the Client

This multinational healthcare pharmaceutical firm operates in a highly regulated sector due to the security and compliance demands associated with safeguarding patient information and confidential business records, including clinical trial data and documentation for new products seeking patent approval. Proactive management of the web-facing systems supporting this data is of critical importance to the future success of this enterprise, and the company came to Edgescan seeking complete and integrated full-stack application security and vulnerability management.

As a prime player in this industry, the firm regularly acquires smaller competitors and sought Edgescan’s help to ensure that no web-facing assets with substandard security controls would be accepted into the secure network following an acquisition. The enterprise’s leadership also sought full integration of the service into their existing information-security apparatus; a tool to patch vulnerabilities in older legacy assets for which they lacked access to the source code; and on-demand reporting features they could leverage to maintain full compliance with government regulations.

 

About Edgescan

Edgescan offers a continuous security testing and unified exposure management SaaS platform that manages thousands of assets across the globe for both enterprise and SME clients, helping them to continuously detect, prioritize, monitor, and fix security weaknesses for all web-facing and internal systems including web applications, websites, mobile apps, servers, firewalls, VPNs, or VoIP services. A team of analysts validates every vulnerability discovered on an assessment, creating a multi-step verification process for a solution that’s highly accurate and virtually free of false positives.

 



Onboarding

Edgescan swiftly and seamlessly integrated with the client’s internal security operations to harden the attack surface of the core network. The platform immediately went to work identifying potential vulnerabilities and flagging them in the Edgescan dashboard for the internal security team to review. When complex security challenges arose, the Edgescan team helped the client develop bespoke solutions. When the client moved to make an acquisition, Edgescan onboarded all assets associated with the target company—websites, mobile applications, VPNs and more—to begin the program of continuous attack-surface management (ASM) for each asset before it entered the network.

 

Custom-tailored Solutions

The client’s information-security leadership had specific needs tied to the regulatory demands of the industry and the nature of their attack surface. When Edgescan’s solution identified vulnerabilities in some older legacy systems that the firm was operating, the internal security team lacked access to the source code necessary to address the issues. Edgescan supplied automatic Web Application Firewall (WAF) rule generation to help them virtually patch those security gaps by other means.

The firm also had significant requirements around on-demand testing to supplement Edgescan’s rolling vulnerability assessments. They leveraged ad-hoc scans and penetration testing as required to be sure a previously discovered vulnerability had been fixed properly. This on-demand reporting capability is vital given the frequency of security audits that occur within this industry, and this agile posture was key to Edgescan’s role in the firm’s ISO/IEC 27001:2013 compliance efforts.

The enterprise sought a solution that could incorporate all this into a larger approach facilitating the speedy and safe onboarding of new web-facing applications following the acquisition of market competitors.

 

Outcome

Edgescan’s full-stack vulnerability management helped this healthcare pharmaceutical enterprise harden its attack surface and maintain compliance in a highly regulated industry where acquiring smaller competitors is core to the firm’s approach. The platform enabled the firm’s internal security team to swiftly identify and remediate vulnerabilities thanks to Edgescan’s comprehensive integration capabilities, and they leveraged Edgescan’s bespoke solutions to address specific challenges created by legacy systems and a demanding regulatory framework.

The platform enabled the firm to approach its acquisitions strategy with full confidence that a defined process was in place for rogue-asset acceptance into the core secure network, that this process was streamlined and automated into the existing security ecosystem of the organization, and that it aligns with the continuous improvement philosophy of the global information security program. This approach to providing deep vulnerability intelligence on all new digital assets acquired by the enterprise ultimately saves time and money while allowing the firm to maintain full control over the web-facing security posture.