Case study

UST helped an American telco enhanced vulnerability and risk management across software development teams

After CyberProof implemented a hybrid security support model along with a robust solution of security tools and technologies, this U.S. telco closed the gap between application security and security operations—and increased application development productivity by 35%.


Founded over a century ago, this American telecommunications company has become one of the most prominent phone and internet service providers in the U.S. The company recently merged with a competitor in a multibillion-dollar deal.


Bolstering cybersecurity to meet regulatory compliance policies

As a large organization with distributed development teams, the telecom company struggled to maintain clear, consistent, secure coding methodologies across its enterprise. The issue spanned the development ecosystem, from application scanning and testing to implementing best practices and effective training.

The fragmented cybersecurity organization and lack of visibility made it increasingly challenging for the IT team to report to internal and external auditors.

They needed to demonstrate that the company’s processes were meeting payment card industry (PCI) data security standards (DSS) and New York Department of Financial Services (NYDFS) cybersecurity regulations.


Implemented hybrid security support model to mitigate SDLC security vulnerabilities

After a thorough discovery process of more than 60,000 endpoints and a data ingestion volume of 9TB per day, CyberProof, a UST company, developed a roadmap to better position the company in the eyes of its PCI-qualified security assessor (QSA).

CyberProof implemented a hybrid security support model with dedicated Level 2 and use case factory experts. The CyberProof team managed all security tools and technologies, including Sentinel SIEM, Splunk SIEM, Palo Alto XSOAR and XDR, Azure Data Lake, and Splunk Data Lake. CyberProof also implemented ZeroNorth’s technology-agnostic platform.

We helped our client manage vulnerabilities and risks across software development teams and infrastructure with a wide range of scanning and testing tools to ingest, normalize, correlate, and prioritize vulnerabilities across the software development life cycle (SDLC). “Security champions,” designated for each in-scope application, helped drive the process and identify common ground across distinct development teams. The project team also implemented development security controls, including:


Increased application development productivity by 35%

CyberProof helped the telecom company bridge the gap between application security and security operations while streamlining SDLC security processes. According to CyberProof’s head of advisory services, “It was critical that the solution CyberProof developed for this client be delivered as a single pane of glass, providing consistency across disparate applications, and easing the burden of remediating vulnerabilities. The solution enabled the client to consistently apply security across applications and infrastructure in the context of the diverse applications portfolio that was in place.”

To date, the company has: