Case Study
UST helped global data company reduce security breaches to zero in just 5 years
CLIENT
This global information services company provides critical data and solutions for various industries, including finance, healthcare, legal and compliance. With operations in more than 150 countries, the company employs nearly 20,000 people and generates more than €5 billion in annual revenue.
CHALLENGE
Providing vulnerability analysts with tools and processes to efficiently resolve security issues
The company wanted to boost its security posture by addressing these vulnerability management issues:
- Replacing time-consuming spreadsheets and emails—with automations to track, prioritize, triage, and coordinate vulnerabilities
- Accelerating the mean time to resolve (MTTR) vulnerabilities—to mitigate security risks
- Increasing options to defer vulnerability remediation—to meet and exceed SLA targets
- Streamlining the collection of vulnerability remediation proofs—because using emails was cumbersome and time-consuming
- Improving end-to-end visibility—to better understand vulnerabilities across the organization, especially the potentially heightened risks of security exceptions
TRANSFORMATION
Integrating and enhancing ServiceNow application to streamline vulnerability management
After a thorough assessment of the client’s vulnerability management challenges, UST implemented a solution that enabled the company to quickly identify, evaluate, and take action on security vulnerabilities. During the engagement, UST:
- Integrated ServiceNow with Rapid7 and Orca asset scanners—which automated workflows to assign vulnerabilities to analysts, for analysts to seamlessly track, defer, remediate, and close items, and for analysts to conduct penetration testing
- Enhanced ServiceNow with policy and risk module—enabling vulnerability analysts to defer vulnerabilities, which decreased SLA breaches and improved the company’s risk posture
- Produced a catalog form—so the vulnerability management team can upload excel files to a database that automatically logs vulnerability items
- Revamped the approval process—by adding reference fields in the vulnerable items form and role-based approvals
- Designed an intuitive ServiceNow dashboard—to measure performance analytics
- Provided 24x7 support—to help resolve operational issues and continuously monitor and optimize application integrations
IMPACT
Achieving immediate benefits to bolster security posture by mitigating vulnerabilities
The successful engagement enabled the vulnerability management team to scan an average of 43,000 assets daily, equating to 100% of the company’s total assets. In addition, the team can now handle an average of 270,000 new vulnerability items per week and 1 million new items per month, with an average close rate of 94.44% per week. The company has also achieved these results:
- Reduced security breaches to zero—during the 5-year engagement
- Accelerated page load time by 83.33%—from two minutes to 20 seconds
- Improved MTTR by 15%—from 45.7 days to 39.8 days