RedSeal

Success Story: R.L. Polk & Company

Premier provider of automotive information and marketing solutions.

Challenge

Based in Southfield, Michigan, R.L. Polk & Company (www.polk.com) is the premier provider of information and marketing solutions to the automotive and related industries. With operations in nine countries around the globe, Polk's customers include household names in automotive and commercial vehicle manufacturing, dealers, aftermarket products, finance and insurance agencies, and government agencies.

Because Polk gathers and interprets sensitive data for its customers, the security of that information is of utmost importance. Customers want assurance that Polk has taken the necessary precautions to keep their information safe from cyber attacks and other security threats. "Our customers need to know that we are managing security on the network appropriately and that we are not taking on an unnecessary level of risk," says Ethan Steiger, Chief Security Officer at Polk. "Plus, we must also be able to prove the security of our network in the event of an audit."

But Polk's existing process for understanding its level of network risk was manual and time-consuming. "We had to export the firewall rule sets to a spreadsheet to analyze them and find rules that exposed us to unnecessary risk," recalls Steiger. "It was like finding a needle in a haystack—and it wasted an enormous amount of time."

Solution

In mid-2006, Steiger decided to search for a tool that would automate Polk's security risk management process and give his team the information they required to improve business decision-making and the company's security posture. After evaluating several options, Steiger and his team settled on RedSeal Systems' software to streamline and automate its risk management process and prepare for compliance audits.

Once the decision was made to go with RedSeal, deploying the solution on Polk's global network was simple and painless. Recalls Steiger, "We put it on the network, pointed it to the network resources, and it was up and running in no time—there were no surprises."

Almost immediately, RedSeal demonstrated its value to the company. "RedSeal helps us solve one of our most daunting security challenges — making sure that the network only allows the access that is absolutely necessary for the business," comments Steiger. "RedSeal finds firewall inaccuracies instantly and automatically, so all we have to do is send a request to the firewall team to eliminate or edit the rule."

RedSeal also helped Steiger prioritize and take action on the results of Polk's vulnerability scanning. Notes Steiger, "RedSeal enables us to understand whether or not a risk is real. We can correlate the vulnerabilities with network access, which enables us to make more intelligent decisions. Whereas other products rely on guesses, RedSeal uses real data to make real recommendations."

Plus, RedSeal is helping the company in its ISO 27001 Certification efforts. "One of the requirements of becoming ISO-certified is that you must show a model of continuous improvement in your security posture," Steiger says. "RedSeal allows us to run reports of our threat profile on a weekly basis, thereby demonstrating our ongoing improvement."

Results

When asked about specific benefits of using the RedSeal solution, Steiger enthusiastically points to both time and cost savings. "In the past, if the CIO asked me for a report of the various exposure points on the network, I had to do it manually. It would take many hours of not only my time, but also my staff's time," says Steiger. "With RedSeal, I can compile and present the report in less than 20 minutes. That's a huge savings for us."

In terms of cost savings, Steiger is just as enthusiastic about RedSeal's contribution. He says, "Historically, Polk has hired third-party penetration testers to help pinpoint potential exposure points on our network. With RedSeal augmenting this testing, we save consulting dollars, because we don't need to hire third-parties as frequently. And in this economy, where budgets are tight, RedSeal gives us a significant edge."

Beyond the time and cost savings, Steiger says RedSeal gives Polk a competitive edge. "Our ability to give customers tangible assurance that our network is secure and we are not taking on unnecessary risk is invaluable. That translates to customer loyalty, peace of mind, and, of course, increased revenues. That's the real value that RedSeal provides to Polk," concludes Steiger.