Vulnerability Management Case Study: How We Reduced Vulnerability Risk By 86%
[/vc_column_text][vc_empty_space height=”25px”][/vc_column][vc_column width=”1/2″][vc_empty_space height=”25px”][vc_video link=”https://youtu.be/nu0US3xLEH4″ align=”center”][vc_empty_space height=”25px”][/vc_column][/vc_row][vc_row content_width=”grid” css_animation=”qodef-element-from-left” css=”.vc_custom_1629063012497{background-color: #f7f7f7 !important;}”][vc_column width=”3/4″][vc_empty_space][vc_column_text]Home / Case Studies / Travel Services Provider
[/vc_column_text][vc_empty_space][/vc_column][vc_column width=”1/4″][/vc_column][/vc_row][vc_row][vc_column][vc_text_separator title=”” border_width=”2″][vc_empty_space height=”2px”][/vc_column][/vc_row][vc_row content_width=”grid”][vc_column width=”1/2″][vc_empty_space height=”50px”][vc_column_text css_animation=”none”]What Happened
PurpleSec provides managed security services with AI powered automation to help a leading travel services provider.
PurpleSec security experts implemented managed risk-based vulnerability management to drive substantial efficiencies for our enterprise client.
The Problem
- Speed – The attackers are always busy. They can exploit a vulnerability in minutes.
- Cost – According to ZipRecruiter the average annual pay for a vulnerability management engineer is $125K. This doesn’t include tool costs.
- Skills – Hiring an internal team means finding diverse and advanced skills that fit within your budget.
- Hassle – Nobody said security was easy. There are many processes, projects, tools, and personnel to manage.
High Level Findings
PurpleSec’s security “cyborgs” were empowered by automation and process improvements to deliver exceptional results in a 3 month period:
- 75% MTTR reduction.
- 86% vulnerability risk reduction.
- $1M average annual savings for the client.
- 1.6k average monthly man-hour savings.
- 50% process length reduction.
- 71% risk reduction.
- 11% security posture rating improvement.
Get started >[/vc_column_text][vc_empty_space height=”50px”][vc_row_inner][vc_column_inner][vc_empty_space height=”25px”][vc_single_image image=”6188″ img_size=”200×200″ alignment=”center” style=”vc_box_outline_circle” css_animation=”fadeIn”][vc_empty_space height=”16px”][vc_column_text]
Work Performed By
[/vc_column_text][vc_empty_space height=”25px”][/vc_column_inner][/vc_row_inner][vc_empty_space height=”50px”][/vc_column][/vc_row][vc_row content_width=”grid” css=”.vc_custom_1670457982476{background-color: #333333 !important;}”][vc_column width=”1/2″][vc_empty_space height=”35px”][vc_column_text]PurpleSec’s Cyber Risk Management Platform[/vc_column_text][vc_empty_space height=”25px”][/vc_column][vc_column width=”1/2″][vc_empty_space height=”25px”][qodef_button size=”” type=”” hover_animation=”” target=”_blank” icon_pack=”font_awesome” fa_icon=”fa-arrow-right” font_weight=”700″ text=”Download Datasheet” link=”https://purplesec.us/wp-content/uploads/2023/03/PurpleSec-Automated-Vulnerability-Patching-Datasheet.pdf” color=”#ffffff” hover_color=”#333333″ background_color=”#b175ff” hover_background_color=”#ffffff” border_color=”#b175ff” hover_border_color=”#b175ff” font_size=”16″][vc_empty_space height=”25px”][/vc_column][/vc_row][vc_row content_width=”grid”][vc_column][vc_empty_space height=”75px”][vc_column_text]Overview
[/vc_column_text][vc_empty_space height=”75px”][vc_row_inner][vc_column_inner width=”1/3″][vc_column_text]
Faster Remediation
Reducing the exposure time of clients helps reduce risk. Attackers only need minutes to exploit vulnerabilities.
[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/3″][vc_column_text]
Smarter Processes
Automation and orchestration enable our teams to improve the vulnerability management lifecycle.
[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/3″][vc_column_text]
Better Security
We transform the way businesses think about security. Automation can help us deliver on that promise.
[/vc_column_text][/vc_column_inner][/vc_row_inner][vc_empty_space height=”75px”][/vc_column][/vc_row][vc_row content_width=”grid” css=”.vc_custom_1670452207948{background-color: #f7f7f7 !important;}”][vc_column][vc_empty_space height=”75px”][vc_column_text]The Solution
[/vc_column_text][vc_empty_space height=”50px”][vc_row_inner][vc_column_inner width=”1/2″][vc_column_text]
Close The Gap
Our managed services powered by automation can remediate exposures as soon as they’re discovered.
[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/2″][vc_column_text]
Cost Savings
Reduce security costs by bundling. Our turn-key service offers a managed security suite. Clients pay a simple monthly fee for the best security.
[/vc_column_text][/vc_column_inner][/vc_row_inner][vc_empty_space height=”50px”][vc_row_inner][vc_column_inner width=”1/2″][vc_column_text]
Security Cyborgs
We automate to enhance our experts, turning them into security cyborgs. Save by automating away small tasks and focusing on security.
[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/2″][vc_column_text]
Easy To Use
Simple architecture gives customers the targeted information they need, managed by our cyborgs.
[/vc_column_text][/vc_column_inner][/vc_row_inner][vc_empty_space height=”75px”][/vc_column][/vc_row][vc_row content_width=”grid”][vc_column][vc_empty_space height=”75px”][vc_column_text css_animation=”fadeIn”]PurpleSec + Automation
=
Better Cyber Risk Management
[/vc_column_text][vc_empty_space height=”50px”][vc_row_inner css_animation=”qodef-element-from-left”][vc_column_inner width=”1/2″][vc_column_text]
[/vc_column_text][vc_empty_space height=”25px”][/vc_column_inner][vc_column_inner width=”1/2″][vc_empty_space height=”50px”][vc_column_text]
Risk-Based Vulnerability Management
Automation empowered our team to deliver risk-based vulnerability management and automate many tasks reducing mean time to remediate vulnerabilities by over 70%.
[/vc_column_text][vc_empty_space height=”25px”][/vc_column_inner][/vc_row_inner][vc_empty_space height=”50px”][vc_row_inner css_animation=”qodef-element-from-left”][vc_column_inner width=”1/2″][vc_column_text]
[/vc_column_text][vc_empty_space height=”25px”][/vc_column_inner][vc_column_inner width=”1/2″][vc_empty_space height=”50px”][vc_column_text]
Increased ROSI For Client
Increased the return on security investment (ROSI) by saving our client $1M in annual costs with an average of 1.6k of man-hour saved annually.
[/vc_column_text][vc_empty_space height=”25px”][/vc_column_inner][/vc_row_inner][vc_empty_space height=”50px”][vc_row_inner css_animation=”qodef-element-from-left”][vc_column_inner width=”1/2″][vc_empty_space height=”25px”][vc_column_text]
[/vc_column_text][vc_empty_space height=”25px”][/vc_column_inner][vc_column_inner width=”1/2″][vc_empty_space height=”25px”][vc_column_text]
More Informed CISO / CIO
Automation enables our team to craft reports and dashboard for each audience. Technical, management, and CIO teams are now more informed than ever before. Provided granular visibility to vulnerabilities to uncover bottlenecks at the business unit level.
[/vc_column_text][vc_empty_space height=”25px”][/vc_column_inner][/vc_row_inner][vc_empty_space height=”50px”][vc_row_inner css_animation=”qodef-element-from-left”][vc_column_inner width=”1/2″][vc_column_text]
[/vc_column_text][vc_empty_space height=”25px”][/vc_column_inner][vc_column_inner width=”1/2″][vc_empty_space height=”25px”][vc_column_text]
Better Security
With shorter attack windows, reduced risk, and a better equipped management, our customers are better prepared for the ever increasing risks.
[/vc_column_text][vc_empty_space height=”25px”][/vc_column_inner][/vc_row_inner][vc_empty_space height=”75px”][/vc_column][/vc_row][vc_row content_width=”grid” css=”.vc_custom_1670208902582{background-color: #f7f7f7 !important;}”][vc_column width=”1/2″][vc_empty_space height=”75px”][vc_column_text css_animation=”none”]Why Faster Is Better
According to Infosec Institute, the MTTR a vulnerability is 60 to 150 days. Hackers can exploit vulnerabilities within hours to minutes in some cases and they’re using automation to speed this process up.
PurpleSec uses automation to close that window providing a smaller window for hackers to attack customers.
What Does Faster Look Like?
A 75% reduction in MTTR for our client. Remediation is now completed within 9-12 days, beating industry averages by 90%!
This represents a total reduction of 220k to 30K vulnerabilities (86% reduction) over 6 months.
See it, Fix it:
3x visibility of vulnerabilities and 2x remediation efforts. In addition to simply removing vulnerabilities, we also now have the ability to scale with the environment and ensure coverage as our clients grow.[/vc_column_text][vc_empty_space height=”75px”][/vc_column][vc_column width=”1/2″][vc_empty_space height=”150px”][vc_column_text]
[/vc_column_text][vc_empty_space height=”75px”][vc_column_text]
[/vc_column_text][vc_empty_space height=”75px”][/vc_column][/vc_row][vc_row content_width=”grid” css=”.vc_custom_1670513967352{background-color: #f7f7f7 !important;}”][vc_column][vc_empty_space height=”75px”][vc_column_text]
[/vc_column_text][vc_empty_space height=”75px”][/vc_column][/vc_row][vc_row content_width=”grid” css=”.vc_custom_1670208902582{background-color: #f7f7f7 !important;}”][vc_column width=”1/2″][vc_empty_space height=”75px”][vc_column_text css_animation=”none”]
What Does Smarter Security Mean?
When implementing a vulnerability management program, businesses need to be able to quantify where cyber risk exists in their organization and tend to the risk hotspots first and with the most resources.
Smarter security means freeing up your experts to do just that by taking away low skill tasks and providing insight with dashboards and vulnerability metrics, enabling data driven discussions.
How This Was Achieved
- Automate low-skills tasks – Scanning, organization, categorization, deployment, scheduling, and notification.
- 50% reduction in process length – The remediation process prior to introducing automation was a manual effort, patching monthly with little focus on Risk. Now, armed with automation, our ‘cyborg’ team re-evaluated customer processes and delivered a RBVM lifecycle that is shorter and requires less interaction. Patching is now completed within days for some systems. Automation has also enhanced manual project management efforts.
- Teams can focus on remediation – Scanning, prioritizing, and patching vulnerabilities is automated. Expert resources now focus on configuration management and lifecycle management remediations.
[/vc_column_text][vc_empty_space height=”75px”][vc_column_text]
The Results
- Realized significant cost savings – Client saves 1.6k person hours per month resulting in an annual cost savings of $1M.
- Enablement – Part of the smarter security also means we’ve enabled our teams to focus more on risk management and not just vulnerabilities. Instead of emails, worksheets, and other low skilled tasks mostly focused on vulnerabilities specifically. Now, they’re focused on risk and high skill risk related tasks such as the security exception process. PurpleSec’s team was able to work with the client to create an alert rule through their SIEM to solve an obsolete cipher being used. Enabled PurpleSec’s team to bring additional value to the client.
[/vc_column_text][vc_empty_space height=”75px”][/vc_column][/vc_row][vc_row content_width=”grid” css=”.vc_custom_1670208902582{background-color: #f7f7f7 !important;}”][vc_column width=”1/2″][vc_empty_space height=”75px”][vc_column_text css_animation=”none”]
What Do We Mean By Better Security?
- Security that is focused on business risk – Using a risk based approach for processes means more impactful changes to the attack surface.
- Trackable KPIs – Automation gives our team more in-depth management of the weight of each metric. We can tune the risk metrics based on the customer’s Security Culture and Risk Appetite.
- More informed Senior Management – With better metrics and processes we also bring better reporting to the various data consumers. Our team puts together reports that show where focus needs to be directed in the organization to further security goals.
[/vc_column_text][vc_empty_space height=”75px”][/vc_column][/vc_row][vc_row content_width=”grid” content_aligment=”center” css_animation=”qodef-element-from-left” css=”.vc_custom_1670212496161{background-image: url(https://purplesec.us/wp-content/uploads/2022/08/Purple-gradiant-background-desktop.png?id=20893) !important;}”][vc_column][vc_empty_space height=”75px”][vc_column_text css_animation=”none”]
The Outcome
[/vc_column_text][vc_empty_space height=”25px”][vc_column_text]The client was able to substantially improve their vulnerability management program through the introduction of automation. Teams are now able to remediate vulnerabilities in a 9-12 day window – a 90% improvement over the industry average of 60-180 days. As a result, our client realized over $1M in annual savings and 1.6k person hours saved per month.
[/vc_column_text][vc_empty_space height=”75px”][/vc_column][/vc_row][vc_row content_width=”grid” css=”.vc_custom_1633822500843{background-color: #f7f7f7 !important;}”][vc_column][vc_empty_space][vc_column_text css_animation=”appear” css=”.vc_custom_1660410323756{padding-top: 25px !important;}”]Explore Our Security Services
[/vc_column_text][vc_empty_space][vc_row_inner][vc_column_inner width=”1/4″][vc_empty_space][vc_single_image image=”10733″ img_size=”” css_animation=”appear”][vc_column_text css_animation=”appear” css=”.vc_custom_1672592424398{padding-top: 25px !important;}”]Managed Security
[/vc_column_text][vc_empty_space][/vc_column_inner][vc_column_inner width=”1/4″][vc_empty_space][vc_single_image image=”10730″ img_size=”” css_animation=”appear”][vc_column_text css_animation=”appear” css=”.vc_custom_1633822266321{padding-top: 25px !important;}”]Penetration Testing
[/vc_column_text][vc_empty_space][/vc_column_inner][vc_column_inner width=”1/4″][vc_empty_space][vc_single_image image=”10731″ img_size=”” css_animation=”appear”][vc_column_text css_animation=”appear” css=”.vc_custom_1672592409070{padding-top: 25px !important;}”]Vulnerability Mgmt
[/vc_column_text][vc_empty_space][/vc_column_inner][vc_column_inner width=”1/4″][vc_empty_space][vc_single_image image=”10732″ img_size=”” css_animation=”appear”][vc_column_text css_animation=”appear” css=”.vc_custom_1672592418450{padding-top: 25px !important;}”]Risk Assessment
[/vc_column_text][vc_empty_space][/vc_column_inner][/vc_row_inner][vc_empty_space][/vc_column][/vc_row]