国防承包商弥补 GRC 差距并获得高管对风险暴露的可见性
公司规模
Large Corporate
地区
- America
国家
- United States
产品
- HighBond solutions
- IT Risk Management
- Threat and Vulnerability Management
技术栈
- Tenable Security Center
实施规模
- Enterprise-wide Deployment
影响指标
- Productivity Improvements
- Digital Expertise
技术
- 应用基础设施与中间件 - API 集成与管理
适用行业
- 国家安全与国防
适用功能
- 商业运营
用例
- 网络安全
- 监管合规监控
服务
- 云规划/设计/实施服务
- 网络安全服务
关于客户
客户是一家领先的国防承包商,专门提供用于收集、处理和理解传感器数据的端到端解决方案。他们拥有成功的业绩记录,并以其全面的解决方案而闻名。然而,他们在治理、风险和合规性 (GRC) 领域面临着重大挑战。该公司曾使用手动电子表格流程进行风险评估,但这种方式不可扩展,并且很难报告评估结果。缺乏自动报告功能使得公司领导层难以清楚了解所跟踪风险的状态。漏洞管理团队还缺乏推动问责制和及时补救问题的机制。作为政府承包商,该公司必须满足多项联邦法规和标准,包括 NIST 800-171。
挑战
尽管一家领先的国防承包商在提供端到端解决方案以收集、处理和理解传感器数据方面取得了成功,但他们在与治理、风险和合规性 (GRC) 相关的几个关键领域仍存在重大差距。他们曾利用手动电子表格流程进行风险评估,这几乎不可能扩大覆盖范围并报告评估结果。缺乏自动报告功能使领导层难以真正了解所跟踪风险的状态,漏洞管理团队也没有机制来推动问责制和及时解决问题。他们还难以证明他们的 GRC 策略如何融入所需的政策、程序和控制。此外,作为政府承包商,他们必须满足许多联邦法规和标准,包括 NIST 800-171。
解决方案
该组织向 Diligent 寻求帮助,以实现两个主要目标:标准化其业务流程,以及提高高管层对风险暴露领域的可见性。该解决方案需要基于云,满足严格的 GovCloud 安全要求,并提供管理各种功能工作流程所需的灵活性和多样性,并提供风险信息的综合视图。为了实现这些目标,他们实施了 HighBond 解决方案,包括 IT 风险管理和威胁与漏洞管理。该组织使用协调的内容创建了一个通用的控制框架。这使他们能够将上游政策和程序与下游风险评估和其他监控活动同步。他们使用 IT 风险管理灵活的基于记录的评估问题库自动执行 NIST 800-171 评估。通过使用与 Tenable Security Center 的开箱即用集成,该组织提高了管理层对开放漏洞的可见性,并使 IT 人员能够更及时地进行补救。HighBond 灵活的数据模型帮助该组织确保组织的所有政策、程序、标准、控制和评估活动都有合法依据。
运营影响
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
相关案例.
Case Study
Data Capture for Afghanistan Forces
Electronic equipments on the field of Afghanistan provided information on the status of the vehicle and to identify potential threats surrounding it to the British Force. The monitoring and interpretation of this data requires robust and sophisticated digitization for data capture and communication.
Case Study
Enhancing Security and Compliance in Remitly's Global Money Transfer Service with Fastly
Remitly, an online remittance service, was faced with the challenge of securing its proprietary global transfer network. The company needed a security solution that could meet PCI requirements and protect customers' sensitive transactions through its mobile application. The solution had to be capable of defending against new and emerging attack types without impacting performance. Remitly also had to deal with irregular traffic patterns, such as a sudden spike in account transfers from a small network segment on the Pacific coastline of South America. The company needed to determine in real time whether such traffic indicated an attack or valid requests. A traditional web application firewall (WAF) would not be able to distinguish this traffic, potentially leading to customer frustration if the IP was blacklisted.
Case Study
Major Aerospace Company Automates Asset Management
The O&M division of an aerospace and global security company was using spreadsheets to manually track more than 3,000 assets assigned to students and staff. Maintaining audit trails for this high volume of equipment became increasingly time-consuming and challenging. The chore involved knowing precisely what equipment was on hand, what had been issued, its location and the name of the custodial owner of each item. Every aspect of this task was carried owner of each item. Every aspect of this task was carried out by individuals with spreadsheets. Manually documenting the full lifecycle of each asset added to the burden. This included tracking maintenance requirements and records, incidents and damages, repairs, calibrations, depreciation, and end-of-life data.
Case Study
Securing a Large Data Center in the EMEA Region: An IoT Case Study
A leading data-center operator in the EMEA region, with multiple facilities spanning over 25,000 square meters, faced significant security challenges. The operator experienced interruptions in their internal IT network due to unsupervised work of third-party technicians. Despite having a high-end building control system that provided 24x7 monitoring and control to all the building’s infrastructure, the data center was vulnerable from a cyber perspective as it was connected to the IT network infrastructure. The operator launched an urgent OT cyber security project that included both IT-OT network segmentation and OT network asset mapping and anomaly detection. The main objectives were to harden the security of the server systems, secure the facility’s power supply and server cooling system, strengthen the segmentation between building and operational systems, create a visual OT network map, and set up a system for presenting supply-chain attacks that may threaten the data center through equipment vendors’ maintenance activities.
Case Study
Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph
MITRE, a federally-funded, not-for-profit company that manages seven national research and development laboratories in the United States, was grappling with the challenge of managing an influx of cybersecurity data. The constant changes in network environments were impacting the security posture of U.S. government agencies. Intrusion alerts, anti-virus warnings, and seemingly benign events like logins, service connections, and file share access were all potentially associated with adversary activity. The cybersecurity researchers at MITRE needed to go beyond rudimentary assessments of security posture and attack response. This required merging isolated data into higher-level knowledge of network-wide attack vulnerabilities and mission readiness. The challenge was not the lack of information, but the ability to assemble disparate pieces of information into an overall analytic picture for situational awareness, optimal courses of action, and maintaining mission readiness. The team also struggled with fully comprehending a given security environment and mapping all known vulnerabilities.
Case Study
Enhancing Security Precision with IoT: A Case Study of Guardsman Group
Guardsman Group, a leading security company in the Caribbean, faced a significant challenge in maintaining the security of its digital infrastructure. The company provides security equipment, personnel, and systems for various businesses across the region. However, one of its offices experienced a security incident that affected all communications at that location. The existing security tools were not sufficient to provide the necessary protection, and it took hours to identify the source of the issue. This incident highlighted the need for a dynamic solution that could proactively identify threats. The company's primary concern was any disruption to its business, as it manages a significant portion of Jamaica's money and cannot afford for its operations to go down.
