Securing the internet footprint
The client works in a heavily regulated industry due to the sensitivity of data from both the human capital side and the pharmaceutical side of the business. Proactive security management of the systems and applications supporting this data is tantamount to the future success of this truly global entity. The requirement is for complete and integrated vulnerability management.
- The client company required a continuous assessment of its entire global internet facing cyber-estate in order to detect and fix security issues and to keep pace with the agile development methodologies being deployed.
- The client required integration into their existing security systems through the edgescan API.
- The client liked our Automatic WAF rule generation to help them virtually patch vulnerabilities for which they don’t have access to the source code to fix the issue. This was of particular use for older legacy system security.
- They leverage the on-demand testing where required in order to help ensure a previously discovered vulnerability has been fixed properly.
- The on-demand reporting is vital, given the frequency of audits which occur in their industry. edgescan™ also helps with ISO/IEC 27001:2013 compliance efforts with the flexibility in reporting.
Being one of the largest enterprises in this industry, the client acquires smaller players in the industry. Edgescan offers the client the assurance that no substandard security controls via hosts or applications are accepted into the secure network zones by providing deep vulnerability intelligence on all new digital assets acquired by the enterprise.
Continuous Assessment & Integration
Edgescan provided continuous authenticated assessment on an ongoing basis for the web facing assets under management. All of the vulnerabilities discovered are manually validated helping our client focus on issues which cause a real risk. This also allows the client to accept the validated vulnerability intelligence into their existing security systems through the edgescan API, and benefit from instant operationalisation of this intelligence.
Using edgescan full stack vulnerability management has enabled the client to implement a defined process around rogue asset acceptance into the secure network. This process has been streamlined and automated into the existing security ecosystem of the organisation and aligns with the continuous improvement philosophy of the global information security program. This ultimately saves time and money when accepting new acquisitions into the network for this global entity whilst maintaining control over the web facing security posture.