Consider the impact of high-profile security breaches: companies have faced hundreds of millions of dollars in direct losses, material negative impact to their brand reputation and corresponding erosion of customer loyalty and trust. A rushed or limited cybersecurity vetting process may miss exposures or key indicators of an existing or prior breach. That is why it is critical to understand cybersecurity vulnerabilities, and the potential damage that may occur by not identifying and mitigating them in a reasonable and orderly fashion.
Our client is one of the largest CROs (Clinical Research Organisations) in the world, and they are currently engaged in a corporate strategy of acquiring smaller competitors to grow operations globally. One of the biggest issues facing the security team is ‘how do we know what state the IT assets are in without performing due diligence on the assets prior to acquisition?’ Penetration testing every single IP range and application that has to be accepted into the corporate network is virtually impossible. Identifying these disparate assets and their owners to gain consistent risk controls and metrics is operationally inconceivable in most cases. Cue Edgescan.
Continuous Assessment & Integration from Edgescan
Edgescan provides continuous authenticated assessment for the web-facing assets under management. All of the vulnerabilities discovered are manually validated and risk rated, helping our client focus on issues that pose a real risk. This also allows the client to accept the validated vulnerability intelligence into their existing security systems through the Edgescan API, and benefit from instant operationalisation of this intelligence. This streamlines the identification, management and remediation of high-risk vulnerabilities of assets from the wild prior to being accepted in the corporate network.
Edgescan onboards each asset from the acquired company and commences continuous assessment against each asset. This provides deep vulnerability intelligence from each asset prior to acceptance in the corporate network. The Edgescan support team work directly with the network and application teams to recommend next actions from a remediation and security improvement point of view.
Using Edgescan full-stack vulnerability management has enabled the client to implement a defined process around rogue asset acceptance into the secure network. This process has been streamlined and automated into the existing security ecosystem of the organisation and aligns with the continuous improvement philosophy of the global information security program. This ultimately saves time and money when accepting new acquisitions into the network for this global entity whilst maintaining control over the entire web-facing security posture.