IT security is essential, as is the sustainability of processes.

Brief description:

Because vulnerability management is not just about powerful technology, Netlution set up a sustainable managed service concept for a globally active company.

Situation:

In a globally active group, management in particular faces a challenge. Simply searching for and patching vulnerabilities is neither sufficient nor economical. The customer was looking for a concept and implementation as a managed service that recognizes security threats worldwide and identifies vulnerable systems and enables systematic and sustainable vulnerability management.

Customer request:

Establishment of a managed service team and establishment of these services in its operational organization.

Challenges:

Vulnerability management was previously decentralized. A highly specialized managed service with low resource capacity requirements had to be established in the operational organization. In addition to technological expertise, the Netlution IT specialists deployed to set up the service needed extensive knowledge of the organization and processes of the customer organization.

KPIs:

  • Reduction of open vulnerabilities through professional detection and tracking
  • Increasing and reporting security compliance in the infrastructure sector
  • Consulting in vulnerability management
  • Further development of the tool landscape
  • Stable service operation / continuous optimization through automation

Netlution solution:

A managed service with a dedicated team of experts as a sustainable concept that increases the security level of the IT environment and makes the management of processes sustainable.

Project duration:

The project was launched in 2014 as an ongoing program.

Netlution services:

  • Vulnerability Intelligence
  • Distribution of vendor advisories
  • Distribution of security/malware information
  • Risk assessments for advisories
  • Vulnerability Scans/Pentests
  • Fully automated scans of data center & network infrastructure
  • On demand scans for infrastructure and web applications
  • Tracking of findings and remediation plans
  • Support for asset owners in the documentation and implementation of remediation
  • Consulting in the area of vulnerability management
  • Design of global processes
  • Implementation of security guidelines for service providers

Results:

  • Reduction of open vulnerabilities by approx. 5,000 per month
  • Halving of externally reported web vulnerabilities
  • Improvement of risk assessments through optimized environmental classification
  • Elimination of several security findings
  • Halving of effort for scanning and tracking
  • Elimination of “blind spots”