Defense Contractor Closes GRC Gaps and Gains Executive Visibility Into Risk Exposure
Customer Company Size
Large Corporate
Region
- America
Country
- United States
Product
- HighBond solutions
- IT Risk Management
- Threat and Vulnerability Management
Tech Stack
- Tenable Security Center
Implementation Scale
- Enterprise-wide Deployment
Impact Metrics
- Productivity Improvements
- Digital Expertise
Technology Category
- Application Infrastructure & Middleware - API Integration & Management
Applicable Industries
- National Security & Defense
Applicable Functions
- Business Operation
Use Cases
- Cybersecurity
- Regulatory Compliance Monitoring
Services
- Cloud Planning, Design & Implementation Services
- Cybersecurity Services
About The Customer
The customer is a leading defense contractor that specializes in delivering end-to-end solutions for collecting, processing, and understanding sensor data. They have a successful track record and are known for their comprehensive solutions. However, they were facing significant challenges in the areas of governance, risk, and compliance (GRC). The company had resorted to using manual spreadsheet processes for risk assessments, which was not scalable and made reporting on assessment results difficult. The lack of automated reporting made it hard for the company's leadership to get a clear picture of the status of risks being tracked. The vulnerability management team also lacked a mechanism to drive accountability and timely remediation of problems. As a government contractor, the company had to meet several federal mandates and standards, including NIST 800-171.
The Challenge
Despite their track record of success in delivering end-to-end solutions for collecting, processing and understanding sensor data, a leading defense contractor had significant gaps in several key areas related to governance, risk and compliance (GRC). They had resorted to leveraging a manual spreadsheet process for risk assessments, which made it nearly impossible to scale coverage and to report on assessment results. The lack of automated reporting capability made it difficult for leadership to get a true picture of the status of risks being tracked, and the vulnerability management team had no mechanism to drive accountability and timely remediation of problems. They also had difficulty demonstrating how their GRC strategy incorporated into required policies, procedures and controls. Additionally, as a government contractor, they had a number of federal mandates and standards to meet—including NIST 800-171.
The Solution
The organization turned to Diligent for help reaching two primary goals: standardizing their business processes, and gaining greater executive-level visibility into areas of risk exposure. The solution needed to be cloud-based, meet strict GovCloud security requirements, and provide the flexibility and the diversity needed to manage various functional work processes with consolidated views of risk information. To meet these goals, they implemented HighBond solutions, including IT Risk Management and Threat and Vulnerability Management. The organization used the harmonized content to create a common control framework. This allowed them to sync upstream policies and procedures with downstream risk assessment and other monitoring activities. They automated NIST 800- 171 assessments using IT Risk Management’s flexible records-based assessment question library. By using the out-of-the-box integration with Tenable Security Center, the organization increased management visibility into open vulnerabilities and enabled timelier remediation by IT personnel. HighBond’s flexible data model helped the organization ensure a legal basis within all of the organization’s policies, procedures, standards, controls, and assessment activities.
Operational Impact
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
Related Case Studies.
Case Study
Data Capture for Afghanistan Forces
Electronic equipments on the field of Afghanistan provided information on the status of the vehicle and to identify potential threats surrounding it to the British Force. The monitoring and interpretation of this data requires robust and sophisticated digitization for data capture and communication.
Case Study
Enhancing Security and Compliance in Remitly's Global Money Transfer Service with Fastly
Remitly, an online remittance service, was faced with the challenge of securing its proprietary global transfer network. The company needed a security solution that could meet PCI requirements and protect customers' sensitive transactions through its mobile application. The solution had to be capable of defending against new and emerging attack types without impacting performance. Remitly also had to deal with irregular traffic patterns, such as a sudden spike in account transfers from a small network segment on the Pacific coastline of South America. The company needed to determine in real time whether such traffic indicated an attack or valid requests. A traditional web application firewall (WAF) would not be able to distinguish this traffic, potentially leading to customer frustration if the IP was blacklisted.
Case Study
Major Aerospace Company Automates Asset Management
The O&M division of an aerospace and global security company was using spreadsheets to manually track more than 3,000 assets assigned to students and staff. Maintaining audit trails for this high volume of equipment became increasingly time-consuming and challenging. The chore involved knowing precisely what equipment was on hand, what had been issued, its location and the name of the custodial owner of each item. Every aspect of this task was carried owner of each item. Every aspect of this task was carried out by individuals with spreadsheets. Manually documenting the full lifecycle of each asset added to the burden. This included tracking maintenance requirements and records, incidents and damages, repairs, calibrations, depreciation, and end-of-life data.
Case Study
Securing a Large Data Center in the EMEA Region: An IoT Case Study
A leading data-center operator in the EMEA region, with multiple facilities spanning over 25,000 square meters, faced significant security challenges. The operator experienced interruptions in their internal IT network due to unsupervised work of third-party technicians. Despite having a high-end building control system that provided 24x7 monitoring and control to all the building’s infrastructure, the data center was vulnerable from a cyber perspective as it was connected to the IT network infrastructure. The operator launched an urgent OT cyber security project that included both IT-OT network segmentation and OT network asset mapping and anomaly detection. The main objectives were to harden the security of the server systems, secure the facility’s power supply and server cooling system, strengthen the segmentation between building and operational systems, create a visual OT network map, and set up a system for presenting supply-chain attacks that may threaten the data center through equipment vendors’ maintenance activities.
Case Study
Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph
MITRE, a federally-funded, not-for-profit company that manages seven national research and development laboratories in the United States, was grappling with the challenge of managing an influx of cybersecurity data. The constant changes in network environments were impacting the security posture of U.S. government agencies. Intrusion alerts, anti-virus warnings, and seemingly benign events like logins, service connections, and file share access were all potentially associated with adversary activity. The cybersecurity researchers at MITRE needed to go beyond rudimentary assessments of security posture and attack response. This required merging isolated data into higher-level knowledge of network-wide attack vulnerabilities and mission readiness. The challenge was not the lack of information, but the ability to assemble disparate pieces of information into an overall analytic picture for situational awareness, optimal courses of action, and maintaining mission readiness. The team also struggled with fully comprehending a given security environment and mapping all known vulnerabilities.
Case Study
Enhancing Security Precision with IoT: A Case Study of Guardsman Group
Guardsman Group, a leading security company in the Caribbean, faced a significant challenge in maintaining the security of its digital infrastructure. The company provides security equipment, personnel, and systems for various businesses across the region. However, one of its offices experienced a security incident that affected all communications at that location. The existing security tools were not sufficient to provide the necessary protection, and it took hours to identify the source of the issue. This incident highlighted the need for a dynamic solution that could proactively identify threats. The company's primary concern was any disruption to its business, as it manages a significant portion of Jamaica's money and cannot afford for its operations to go down.
