Skip to main content
The Panaseer logo shows a white square and a yellow square around the initial P. To the right of the P there is the copy written ‘anaseer’.
Get a demo
Show main menu Hide main menu
Schroders_Logo

Industries
Global asset management

Employees
Over 6,000 people worldwide

Region
32 operation countries across Europe, the Americas, Asia and the Middle East

Assets
$536.7 billion assets responsible for, created from a focus of bringing together people and data to spot the trends that will shape the future

Schroders: Understanding, monitoring and reducing security vulnerabilities

Schroders retained Panaseer in June 2016, to enable, empower and automate the understanding, monitoring and reduction of its device vulnerabilities across the business.

The challenge

Aware that the collation of security and IT data to drive visibility into its risk appetite was critical in delivering a security programme that could meet its requirements, Schroders has been consistently developing its own Management Information process.

Introduced to Panaseer at the 2016 FS-ISAC Conference in London, the platform was perfectly aligned with Schroders strategic requirements – providing an automated and accurate, risk-based understanding of assets, controls, vulnerabilities and threats. By pulling data from Schroders’ security solutions and products, then cleaning, enriching, normalizing and unifying it into a single, scalable view of the truth, Panaseer has enabled Schroders to further improve its security controls.

The solution

Automating the ingestion and normalisation of business, IT and security data from existing sources into a single view, Panaseer’s security metrics and associated dynamic dashboards have given the Schroders security and IT teams an effective and continual oversight of their security posture. 2Real vulnerability reduction

The initial focus of the platform was to generate visibility of device vulnerabilities, exploring the data to expose, highlight and diagnose problem areas, establish journeys and use cases to highlight next best actions targeted at reducing device vulnerabilities.

Leveraging the campaign tool, Schroders security team has been able to take remedial action and track progress. Through dynamic dashboards cross functional teams worked against a single source of shared insight, and also tracked and reported on remedial progress.

For example:

With the new ability to drill down into the data and gain insight, Schroders discovered that a device build was introducing new vulnerability detections into the environment. This visibility has allowed the team to further reduce any potential security risk.

Devices with ‘End of Life’ software were identified and tracked through the Campaign feature, allowing infrastructure and security teams to collaborate on updating the software.

Panaseer has allowed us to gain the insight we need into our security controls to always know whether they’re adequately deployed and operating effectively.

Rob Hyde
CISO

Outcomes

Panaseer delivers real actionable intelligence that enables measurably improved security and reduction in risk posture by reducing the number and severity of device vulnerabilities whilst decreasing the likelihood of an attack exploiting those vulnerabilities.

Recent instances include:

  • Ability to identify areas of greatest risk: Providing the continuous identification of areas of concern.
  • Ability to focus on areas of greatest return: Identifying the areas with the greatest potential improvement and the associated risk allowed Schroders to focus and prioritise.
  • As Panaseer automatically pulls and analyses data, it can ingest and update vulnerability and anti-malware data more frequently. It has empowered Schroders’ Security team to get automated insight into potential vulnerabilities and remediation activities.


Together Schroders and Panaseer also agreed on metrics to summarize the effectiveness of vulnerability remediation actions in order to report to senior stakeholders, such as the Global Technology Risk Committee.


Previously this monthly report had been completed manually. The report is now automated, and demonstrates impact, progress and next step actions to improve security posture. Recent examples of this include the deployment and rollout of new critical endpoint protection software and focused patching efforts to upgrade certain software.


Also, by increasing the consistency of information, they can ensure that all users and stakeholders reference the same underlying trusted data. 
This ability to work from an agreed single source of trusted data has improved team performance and cross functional engagement.

The future

Both Security and IT teams at Schroders are invested in continuing to evolve the depth of insight provided by Panaseer and are currently expanding out the use cases to also include Patch Management Analytics, Application Security, Access Management and other data-driven insights

If you would like to know more about the benefits of Continuous Controls Monitoring, drop us a line at: contact@panaseer.com

Related case studies

View all case studies