Financial services firm resolves 60% of its vulnerabilities using Panaseer

The challenge

As a first step to meeting its goal of improving its cybersecurity posture, our customer was keen to tackle the following fundamental challenges:

• Lack of visibility of coverage and policy gaps 
  Several fragmented IT estates support the business. This means it's challenging to ensure that security controls are operating within policy across all assets continuously.
• Lack of evidence-based reporting 
  Security reporting was conducted manually. It covered only a certain period at a point in time.

The solution

The Chief Information Security Officer (CISO) recognized a need for a solution to address the challenge of maintaining a good cybersecurity posture in a fragmented IT environment. He also knew from experience that building a solution manually would require a lot of time, effort, and resources. The answer was Panaseer’s Continuous Controls Monitoring (CCM) platform.

Panaseer SaaS

The company needed a quick-to-value cloud offering that would result in fast delivery, roll-out, and adoption with lower cost of ownership. Panaseer SaaS is a fully managed service, hosted and operated by Panaseer on a secure AWS cloud infrastructure, which enables the company to focus on its core business.

Inventory analysis

The Panaseer Platform ingests disparate data through its Data Connectors, performs smart single entity resolution through its proprietary technology and creates a baseline, categorized inventory list called a smart inventory. Panaseer’s inventory analysis provides a unified, centralized view of all its technical assets from its fragmented environment. Once implemented, the Panaseer Platform identified that the company’s CMDB was missing 29% of its devices in one estate.

Vulnerability, patch, and endpoint

As well as paving the way for improved visibility into security, the Panaseer Platform has effectively enabled the company to ensure its security controls are performing within policy through Continuous Controls Monitoring.

The Panaseer Platform delivers detailed insights into the performance of controls such

 as vulnerability, patch, and endpoint security management tools across the network. Using these insights, the security team was able to focus on improving their cybersecurity posture. It should be noted that the security team reduced the backlog of vulnerabilities by 60% within 4 months of implementing Panaseer.

Security metrics reporting

The CISO was also keen to explore a different approach to security reporting. He wanted to evolve security metrics reporting into a continuous, up-to-date, and automated process that evaluates their enterprise-wide controls assurance and its improvement over time.

He wanted evidence-based reporting, based on trusted data to showcase improvement and understand whether controls are performing as expected. He is utilizing Panaseer to achieve this.