SecureTrust Cybersecurity

Vulnerability Management Case Study: How We Reduced Vulnerability Risk By 86%

SecureTrust Case Studies

What Happened

SecureTrust provides managed security services with AI powered automation to help a leading travel services provider.

SecureTrust security experts implemented managed risk-based vulnerability management to drive substantial efficiencies for our enterprise client.

The Problem

  • Speed – The attackers are always busy. They can exploit a vulnerability in minutes.
  • Cost – According to ZipRecruiter the average annual pay for a vulnerability management engineer is $125K. This doesn’t include tool costs.​
  • Skills – Hiring an internal team means finding diverse and advanced skills that fit within your budget.​
  • Hassle – Nobody said security was easy. There are many processes, projects, tools, and personnel to manage.​

High Level Findings

SecureTrust’s security “cyborgs” were empowered by automation and process improvements to deliver exceptional results in a 3 month period:

  • 75% MTTR reduction.
  • 86% vulnerability risk reduction.
  • $1M average annual savings for the client.
  • 1.6k average monthly man-hour savings.
  • 50% process length reduction.
  • 71% risk reduction.
  • 11% security posture rating improvement.

Why SecureTrust?

SecureTrust is a leading provider of cybersecurity automation solutions. SecureTrust’s platform helps organizations to mitigate Intrusions and data exfilitration.

joshua a selvidge

Work Performed By

Joshua Selvidge

Case Study Overview

faster cybersecurity

Faster Remediation

Reducing the exposure time of clients helps reduce risk. Attackers only need minutes to exploit​ vulnerabilities.

smarter cybersecurity

Smarter Processes

Automation and orchestration enable our teams to improve the vulnerability management lifecycle.

better cybersecurity

Better Security

We transform the way businesses think about security. Automation can help us deliver​ on that promise.

The Solution

Close The Gap

Our managed services powered by automation can remediate exposures as soon as they’re discovered.​

Security Cyborgs

We automate to enhance our experts, turning them into security cyborgs. Save by automating away small tasks and focusing on security.​

Cost Savings

Reduce security costs by bundling. Our turn-key service offers a managed security suite. Clients pay a simple monthly fee for the best security. ​

Easy To Use

Simple architecture gives customers the targeted information they need, managed by our cyborgs.​​

The Outcome

The client was able to substantially improve their vulnerability management program through the introduction of automation. Teams are now able to remediate vulnerabilities in a 9-12 day window – a 90% improvement over the industry average of 60-180 days. As a result, our client realized over $1M in annual savings and 1.6k person hours saved per month.

Why Faster Is Better

According to Infosec Institute, the MTTR a vulnerability is 60 to 150 days. Hackers can exploit vulnerabilities within hours to minutes in some cases and they’re using automation to speed this process up.

SecureTrust uses automation to close that window providing a smaller window for hackers to attack customers.​

75-MTTR-reduction

What Does Faster Look Like?

A 75% reduction in MTTR for our client. Remediation is now completed within 9-12 days, beating industry averages by 90%!​

This represents a total reduction of 220k to 30K vulnerabilities (86% reduction) over 6 months.​

See it, Fix it:

3x visibility of vulnerabilities and 2x remediation efforts. In addition to simply removing vulnerabilities, we also now have the ability to scale with the environment and ensure coverage as our clients grow.

86-vulnerability-risk-reduction

What Does Smarter Security Mean?

When implementing a vulnerability management program, businesses need to be able to quantify where cyber risk exists in their organization and tend to the risk hotspots first and with the most resources.

Smarter security means freeing up your experts to do just that by taking away low skill tasks and providing insight with dashboards and vulnerability metrics, enabling data driven discussions.

1.6k-saved-person-hours

How This Was Achieved

  • Automate low-skills tasks – Scanning, organization, categorization, deployment, scheduling, and notification.
  • 50% reduction in process length – The remediation process prior to introducing automation was a manual effort, patching monthly with little focus on Risk. Now, armed with automation, our ‘cyborg’ team re-evaluated customer processes and delivered a RBVM lifecycle that is shorter and requires less interaction. Patching is now completed within days for some systems. Automation has also enhanced manual project management efforts. ​
  • Teams can focus on remediation – Scanning, prioritizing, and patching vulnerabilities is automated. Expert resources now focus on configuration management and lifecycle management remediations.

The Results

  • Realized significant cost savings – Client saves 1.6k person hours per month resulting in an annual cost savings of $1M.
  • Enablement – Part of the smarter security also means we’ve enabled our teams to focus more on risk management and not just vulnerabilities. Instead of emails, worksheets, and other low skilled tasks mostly focused on vulnerabilities specifically. Now, they’re focused on risk and high skill risk related tasks such as the security exception process. SecureTrust’s team was able to work with the client to create an alert rule through their SIEM to solve an obsolete cipher being used. Enabled SecureTrust’s team to bring additional value to the client.
11-security-posture-rating-improvement

What Do We Mean By Better Security?

  • Security that is focused on business risk – Using a risk based approach for processes means more impactful changes to the attack surface.
  • Trackable KPIs – Automation gives our team more in-depth management of the weight of each metric. We can tune the risk metrics based on the customer’s Security Culture and Risk Appetite. ​
  • More informed Senior Management – With better metrics and processes we also bring better reporting to the various data consumers. Our team puts together reports that show where focus needs to be directed in the organization to further security goals.

Our Services Work Better Together

Virtual
CISO

Network
Security

Vulnerability Management

Penetration Testing

Ready To Get Secure?​

Reach Your Security Goals With An Affordable Turnkey Solution