An anonymous intelligence agency had a problem.
Their vulnerability assessment program was expensive and sub-optimal. The program was run by two internal employees and 16 contractors. Going to data center to data center, each assessment could take anywhere from 2 months to a full year to conduct.
First, they had to inventory each data center and find all the configuration files. Then they had to review each set up to make sure they were updated and had applied best security practices. At that point, they could create a network map.
Using the map, they could then begin to manually analyze the network for vulnerabilities. Given time and resource constraints, the team was forced to triage. Ignoring medium and low level vulnerabilities, they focused on a short list of the most critical.
Of course, by the time they completed their analysis, the whole network had changed. The network map was merely a snapshot in time. Plus, the vulnerability assessment reports didn’t include leapfrogs to move deeper into the network.
The agency realized that getting one or two reports per year on a network that had already changed — at a cost of $5 million — was not a situation that could continue.
After researching various cybersecurity tools and getting a glowing review from other cyber teams in the government, the agency’s cybersecurity team realized that RedSeal was the solution they needed. RedSeal’s continuous monitoring of the config files on the network means that the network map is never out of date. Experts at In-Q-Tel were brought to review RedSeal. Approval was quickly given. On a Monday, their engineers told RedSeal, “We want it on Friday!”
Now, after deploying RedSeal agency wide and setting up 14 instances, they conduct continuous assessments year round across all data centers. After five years, customer feedback has been 100% positive, “We realize now that we can’t leverage the other cybersecurity tools unless we have RedSeal. RedSeal is core to our cybersecurity and vulnerability management operations.”
Do you have a problem with your time consuming manual vulnerability assessment program? Click here to set up a free trial of RedSeal and choose the better way.
RedSeal software is the best way to measure and manage the digital resilience of your network.
Get a PDF of this article. US Intelligence Agency: Clear ROI