Case study

UST helped an American telco enhance vulnerability and risk management across software development teams

After CyberProof implemented a hybrid security support model along with a robust solution of security tools and technologies, this U.S. telco closed the gap between application security and security operations—and increased application development productivity by 35%.

OUR CLIENT

Founded over a century ago, this American telecommunications company has become one of the most prominent phone and internet service providers in the U.S. The company recently merged with a competitor in a multibillion-dollar deal.

THE CHALLENGE

Bolstering cybersecurity to meet regulatory compliance policies

As a large organization with distributed development teams, the telecom company struggled to maintain clear, consistent, secure coding methodologies across its enterprise. The issue spanned the development ecosystem, from application scanning and testing to implementing best practices and effective training.

The fragmented cybersecurity organization and lack of visibility made it increasingly challenging for the IT team to report to internal and external auditors.

They needed to demonstrate that the company’s processes met the Payment Card Industry Data Security Standard (PCI DSS) and New York Department of Financial Services (NYDFS) cybersecurity regulations.

THE TRANSFORMATION

Implemented hybrid security support model to mitigate SDLC security vulnerabilities

After a thorough discovery process of more than 60,000 endpoints and a data ingestion volume of 9TB per day, CyberProof, a UST company, developed a roadmap to better position the company in the eyes of its PCI-qualified security assessor (QSA).

CyberProof implemented a hybrid security support model with dedicated Level 2 and use case factory experts. The CyberProof team managed all security tools and technologies, including Sentinel SIEM, Splunk SIEM, Palo Alto XSOAR and XDR, Azure Data Lake, and Splunk Data Lake. CyberProof also implemented ZeroNorth’s technology-agnostic platform.

We helped our client manage vulnerabilities and risks across software development teams and infrastructure with a wide range of scanning and testing tools to ingest, normalize, correlate, and prioritize vulnerabilities across the software development life cycle (SDLC). “Security champions,” designated for each in-scope application, helped drive the process and identify common ground across distinct development teams. The project team also implemented development security controls, including:

THE IMPACT

Increased application development productivity by 35%

CyberProof helped the telecom company bridge the gap between application security and security operations while streamlining SDLC security processes. According to CyberProof’s head of advisory services, “It was critical that the solution CyberProof developed for this client be delivered as a single pane of glass, providing consistency across disparate applications, and easing the burden of remediating vulnerabilities. The solution enabled the client to consistently apply security across applications and infrastructure in the context of the diverse applications portfolio that was in place.”

To date, the company has:

RESOURCES

https://www.cyberproof.com/

https://www.ust.com/en/industries/tmt-telecom