CHALLENGELeaders in modern organizations are becoming increasingly responsible at a personal level for driving effective programs and maintaining the security posture of an organization. Without visibility and tools in place, it is extremely difficult to measure effectiveness of a security program. A new CISO at an online search company had recently completed an initial assessment of people, process, and technology, which identified security posture visibility within the environment as a major deficiency.
The CISO recognized that a company which was built upon reputation can be effected greatly by a single public incident. If a breach happened, they could be required to notify their customer base and public community regarding compromised personal data. Without the tools necessary to provide enterprise class visibility, the team would not be in the best position to proactively evaluate the organizational posture. Taking necessary precautions, the CISO determined that a vulnerability management program was needed across the IT environment and the best place to begin addressing the deficiency. This would allow them to continuously evaluate the security and infrastructure of their applications and be aware of the vulnerabilities that exist on company assets.
SOLUTIONThe new leadership addressed the lack of visibility and team’s technical abilities so they were well prepared with awareness of the organizational security posture. Based on a previous relationship with the new CISO, Alagen was brought in to assess infrastructure and create a vulnerability management program, as well as lead the assessment, selection and placement of security vulnerability monitoring tools.
Alagen brought in fresh ideas around solving visibility issues, and evaluated multiple facets of the company’s security posture including the high value targets, health of existing tools, security architecture, tool versions, reporting capabilities, and the security team’s fluency with relevant technology. In addition to a technology refresh, a primary goal of the project was to ensure that the client team was prepared to support and maintain the newly implemented model and associated technology going forward. Alagen therefore created procedural documentation, knowledge transfer, recurring reporting and then handed over the reins while project efforts were ramped down.
BENEFITAlagen brought in team members who had decades of experience in threat and vulnerability who were able to quickly assess the current state and present findings to the leadership team. They immediately turned around the refresh of their program to incorporate business and technical stakeholders ensuring that all organizational needs were being addressed.
The company and new CISO now have a program that allows them to proactively identify and mitigate risks associated with vulnerabilities in their environment. Due to the success of the program and the relationship built between Alagen and the client, they have referred Alagen to other companies in need of similar assistance.