Telecoms & MSSP Firm

Defeating Vulnerability Overload

Client

A large UK-based Telecoms and MSSP provider with an international footprint. Known for its commitment to innovation and reliability, it continues to shape the future of telecommunications with its cutting-edge solutions and exceptional customer service.

Related Services

Trusted Advisor

Infrastructure Security Assessment

Project Detail

The client had developed and was managing a secure network that connected UK central government departments to each other. This network required stringent security measures and needed to adhere to government standards. The environment consisted of three data centres across the UK, each housing numerous systems. External auditors required evidence of the network’s security.

Challenge

The client faced challenges in maintaining and demonstrating the required level of security within the dynamic environment. Regular security assessments were necessary for static components, and any significant changes also required assessments. The process of planning, delivering, and managing the findings of these assessments became overwhelming. The project needed a solution to determine what to test, when to test, how to test, and how to effectively consume the assessment findings.

Solution

Our team was engaged to establish a comprehensive vulnerability management programme, which included:

  • Framework for CHECK Health Checks: We developed a framework for planning, sourcing, and delivering appropriate security assessments based on the UK government standard. This ensured regular and thorough assessments of the network's security.
  • Risk Management Framework: We implemented a risk management framework to track security issues throughout their lifecycle. This allowed for efficient management of repeatable and predictable findings and formalised the risk acceptance process. We also created business-focused metrics, reports, and dashboards to provide comprehensive visibility into the security posture.
  • Awareness Training and Support Knowledgebase: We provided awareness training to the client's team and created a support knowledgebase. This resource supplemented the assessment findings with specific information relevant to the client's environment, facilitating easier and more efficient remediation efforts.

Outcome

The implementation of the vulnerability management programme resulted in significant changes and benefits for both security management and the business:

  • Security Management Benefits: Previously, the project could only manage 3-4 assessments per year, generating 200-300 findings with an average remediation time of 3 months. With the new approach, the project scaled up to 15-20 assessments per year, producing 2000-3000 findings. The average remediation time improved to just 2 weeks, allowing for faster resolution of security issues.
  • Business Benefits: The project transformed from a challenging and sensitive concern to an efficient, fit-for-purpose environment that exceeded expectations. Government clients could be onboarded more efficiently and in a flexible manner tailored to their unique requirements.

Conclusion

By implementing a robust vulnerability management programme, the client achieved a significant improvement in security management and overall business operations. The project demonstrated enhanced compliance with government standards, accelerated remediation timelines, and a more streamlined onboarding process for government clients. The successful outcome not only ensured a secure network but also strengthened the client’s reputation as a trusted provider in the telecoms and MSSP industry.