This firm sought vulnerability management as a service to maintain a secure posture across 450 web applications and 12,000+ IP servers, hardening the attack surface for internet and mobile infrastructure and safeguarding a vast pool of confidential information.
About the Client
This telecommunications manufacturer and operator based in the United States manages 450 web applications and over 12,000 IP servers distributed across the globe. The security of these systems is of critical importance, with the continuity of mobile and internet communications at risk along with the firm’s own confidential information, the personal and financial data of its customers, and material considered sensitive by the U.S. federal government.
The client seeks a continuous assessment of its global web-facing assets in order to detect current security issues and maintain a secure posture as threats evolve over time. The firm’s information security leadership prefers a list of actionable findings, free of false positives, which they can then assign for remediation in order of priority using the Edgescan Platform’s insights into which vulnerabilities carry the most critical risk.
About Edgescan
Edgescan offers a continuous security testing and unified exposure management SaaS platform that manages thousands of assets across the globe for both enterprise and SME clients, helping them to continuously detect, prioritize, monitor, and fix security weaknesses for all web-facing and internal systems including web applications, websites, mobile apps, servers, firewalls, VPNs, or VoIP services. A team of analysts validates every vulnerability discovered on an assessment, creating a multi-step verification process for a solution that’s highly accurate and virtually free of false positives.
Onboarding
Edgescan swiftly and seamlessly integrated with the client’s information security apparatus to harden the attack surface of the core network, proceeding to validate each site and server for security and importance. The internal team was set up with an API plug-in to the Edgescan dashboard, where they could access the results and send flagged issues into their remediation process. Once an application is onboarded, technical assessment can commence and the application is subject to re-assessment on an ongoing basis.
Critical Security Priorities
The Edgescan solution is a complete assessment of the global attack surface, with security gaps flagged according to the level of risk—from critical to informational—that each one poses to the firm’s systems. The Edgescan difference is a hybrid approach that combines the breadth of automation with the depth of human assessment, leaning on a battle-hardened team of security experts with industry accreditations such as CREST, OSCP, and CEH. Each potential issue is verified in a multi-step process to maximize accuracy and virtually eliminate false positives.
Outcome
Within the first 7 days, Edgescan discovered, validated, and exposed 233 high-risk issues. All of the vulnerabilities discovered were manually confirmed, helping the client focus on issues which cause real risk. Edgescan monitored the remediation process to ensure flagged issues were properly resolved. Assessments of the attack surface then continued on both a scheduled and an ad-hoc basis. The client could request an assessment at any time to retest for vulnerabilities in any region of their sprawling web-facing assets.
Edgescan’s multi-layered solution helped to secure the security posture of this global enterprise at a time where the challenge has only increased with the growth of cloud and social networking. For many firms, securing customer and enterprise data is a top priority, but in this case, the security of worldwide communications networks is also of vital macroeconomic, social, and geopolitical importance. The Edgescan Platform played its part.