Vulnerability Management Case Study
How We Reduced A Travel Insurance Provider's Vulnerability Risk By 86%
What Happened
PurpleSec provides managed security services with AI powered automation to help a leading travel services provider. PurpleSec security experts implemented managed risk-based vulnerability management to drive substantial efficiencies for our enterprise client.
The Problem
- Speed – The attackers are always busy. They can exploit a vulnerability in minutes.
- Cost – According to ZipRecruiter the average annual pay for a vulnerability management engineer is $125K. This doesn’t include tool costs.
- Skills – Hiring an internal team means finding diverse and advanced skills that fit within your budget.
- Hassle – Nobody said security was easy. There are many processes, projects, tools, and personnel to manage.
High Level Findings
PurpleSec’s security “cyborgs” were empowered by automation and process improvements to deliver exceptional results in 3 months:
- 75% MTTR reduction.
- 86% vulnerability risk reduction.
- $1M average annual savings for the client.
- 1.6k average monthly man-hour savings.
- 50% process length reduction.
- 71% risk reduction.
- 11% security posture rating improvement.
Overview
Faster Remediation
Reducing the exposure time of clients helps reduce risk. Attackers only need minutes to exploit vulnerabilities.
Smarter Processes
Automation and orchestration enable our teams to improve the vulnerability management lifecycle.
Better Security
We transform the way businesses think about security. Automation can help us deliver on that promise.
The Solution
Faster Remediation
Our managed services powered by automation can remediate exposures as soon as they’re discovered.
Faster Remediation
Reduce security costs by bundling. Our turn-key service offers a managed security suite.
Automation
We automate to enhance our experts. Save by automating away small tasks and focusing on security.
Easy To Use
Simple architecture gives customers the targeted information they need, managed by our cyborgs.
PurpleSec + Automation
=
Better Cyber Risk Management
Risk-Based Vulnerability Management
Automation empowered our team to deliver risk-based vulnerability management and automate many tasks reducing mean time to remediate vulnerabilities by over 70%.
Increased ROSI For Client
Increased the return on security investment (ROSI) by saving our client $1M in annual costs with an average of 1.6k of man-hour saved annually.
More Informed CISO / CIO
Automation enables our team to craft reports and dashboard for each audience. Technical, management, and CIO teams are now more informed than ever before. Provided granular visibility to vulnerabilities to uncover bottlenecks at the business unit level.
Better Security
With shorter attack windows, reduced risk, and a better equipped management, our customers are better prepared for the ever increasing risks.
Why Faster Is Better
According to Infosec Institute, the MTTR a vulnerability is 60 to 150 days. Hackers can exploit vulnerabilities within hours to minutes in some cases and they’re using automation to speed this process up.
PurpleSec uses automation to close that window providing a smaller window for hackers to attack customers.
What Does Faster Look Like?
A 75% reduction in MTTR for our client. Remediation is now completed within 9-12 days, beating industry averages by 90%!
This represents a total reduction of 220k to 30K vulnerabilities (86% reduction) over 6 months.
See it, Fix it:
3x visibility of vulnerabilities and 2x remediation efforts. In addition to simply removing vulnerabilities, we also now have the ability to scale with the environment and ensure coverage as our clients grow.
Why Faster Is Better
When implementing a vulnerability management program, businesses need to be able to quantify where cyber risk exists in their organization and tend to the risk hotspots first and with the most resources.
Smarter security means freeing up your experts to do just that by taking away low skill tasks and providing insight with dashboards and vulnerability metrics, enabling data driven discussions.
How This Was Achieved
- Automate low-skills tasks – Scanning, organization, categorization, deployment, scheduling, and notification.
- 50% reduction in process length – The remediation process prior to introducing automation was a manual effort, patching monthly with little focus on Risk. Now, armed with automation, our ‘cyborg’ team re-evaluated customer processes and delivered a RBVM lifecycle that is shorter and requires less interaction. Patching is now completed within days for some systems. Automation has also enhanced manual project management efforts.
- Teams can focus on remediation – Scanning, prioritizing, and patching vulnerabilities is automated. Expert resources now focus on configuration management and lifecycle management remediations.
The Results
- Realized significant cost savings – Client saves 1.6k person hours per month resulting in an annual cost savings of $1M.
- Enablement – Part of the smarter security also means we’ve enabled our teams to focus more on risk management and not just vulnerabilities. Instead of emails, worksheets, and other low skilled tasks mostly focused on vulnerabilities specifically. Now, they’re focused on risk and high skill risk related tasks such as the security exception process. PurpleSec’s team was able to work with the client to create an alert rule through their SIEM to solve an obsolete cipher being used. Enabled PurpleSec’s team to bring additional value to the client.
What Do We Mean By Better Security?
- Security that is focused on business risk – Using a risk based approach for processes means more impactful changes to the attack surface.
- Trackable KPIs – Automation gives our team more in-depth management of the weight of each metric. We can tune the risk metrics based on the customer’s Security Culture and Risk Appetite.
- More informed Senior Management – With better metrics and processes we also bring better reporting to the various data consumers. Our team puts together reports that show where focus needs to be directed in the organization to further security goals.
The Outcome
The client was able to substantially improve their vulnerability management program through the introduction of automation. Teams are now able to remediate vulnerabilities in a 9-12 day window – a 90% improvement over the industry average of 60-180 days. As a result, our client realized over $1M in annual savings and 1.6k person hours saved per month.
Explore Our Security Services
Ready To Get Secure?
Reach Your Security Goals With Affordable Solutions Built For Small Business
