The sweet relief of improved vulnerability management and risk mitigation

Client

The client is a software company that processes 35% of U.S. mortgage applications. Their services are aimed at lenders and are provided in a Software-as-a-Service model (SaaS) that streamlines and automates the process of originating and funding new mortgage loans and facilitates regulatory compliance.

Business Goal

The client’s business serves an industry where regulatory compliance is among the foremost considerations and it is critical to keep all business-related IT infrastructure and data secure. Therefore, the client wanted a partner to provide a Security Operations Center (SOC) for vulnerability management and to monitor, detect, investigate, analyze and respond to phishing attempts, virus and Trojan attacks, DDoS and Ransomware. The goal was to ensure that confidentiality, integrity and availability (CIA) was maintained and all risks were addressed.

Microland Solution

After analyzing the client’s needs, Microland recommended and implemented the following solutions:

• Vulnerability Management - conducted for all internal and external locations via weekly Authenticated Scans and Unauthenticated Scans
  • 4 unique external vulnerabilities remediated in 2018
  • 53 unique internal production environment vulnerabilities remediated in 2018
  • 115 unique pre-production and corporate environment vulnerabilities remediated in 2018

• Manual implementation - of the client’s asset IPs and Subnets has been conducted for all environments (corporate, production, AllRegs and Velocify)
• Security Monitoring - primarily through Splunk but also includes other tools such as Zscaler, Trend Micro and Cofense
  • Security monitoring is done proactively for each security tool on the SOC/CSIRT toolbox
  • User behavior analysis is conducted through Exabeam UBA
• Incident Response – by Microland SOC that conducts 24X7X365 operations
  • Security incidents are managed using the incident response lifecycle and NIST Cyber Security Framework 
• Metrics/ Reporting - for Security incidents, vulnerabilities, patching and remediation have been created and are tracked and recorded
  • Enabled via a SNOW dashboard

Business Outcomes

Microland’s methodical assessment and security expertise combined with industry best practices resulted in a significant enhancement of IT and data security. All security incidents have been handled and resolved within the defined SLAs reducing overall risk.

Through 2018, five types of threats were remediated. These included phishing (count: 2,241), health activity (count: 1,219), malicious activity (count: 1,189), vulnerability (count: 755) and reconnaissance (count: 1,625).

The client is now able to:

• Manage major threats targeting VIP users via a 24X7 Security Event monitoring capability
• Manage patching of critical and high priority security vulnerabilities faster (cycle time reduced from 7 days to 24 hours)
• Investigate and act immediately on all phishing emails round the clock
• Address all zero-day vulnerability and malware threats via threat intelligence