About Origami Risk
Origami Risk is a leading provider of integrated cloud-based SaaS solutions for the risk and insurance industry. Based in Chicago, Illinois, the company serves hundreds of customers in over 10 countries.
The Origami Risk product security team utilizes various methods and tools for proactive remediation of security vulnerabilities; including multiple vulnerability scanners, secret scanning tools, SAST, DAST, threat modeling, internal and external penetration testing, SaaS scanners, and more.
In addition, they use Jira for collaborating with remediation owners across IT and engineering departments.
They were looking for a solution that could offer seamless integration with their existing security tech stack and enable them to aggregate their siloed data and manage all vulnerabilities from one place.
Watch the full conversation >>
The challenge
With no efficient security program in place, Origami Risk struggled to keep up with their massive vulnerability backlog. Their scattered portfolio of scanners and security tools generated plenty of findings, but also a great deal of noise, leading to duplications and data silos that limited their ability to prioritize vulnerabilities based on actual business risk.
This siloed approach led to time-consuming manual work of identifying and prioritizing vulnerabilities from dozens of different sources, resulting in misallocated efforts and increased time-to-remediation.
Data silos hinder the remediation process
Lastly, using siloed data from different tools made it difficult to track progress and communicate risk to relevant stakeholders and leadership, blocking proper resource allocation and buy-in from the rest of the organization.
Ultimately, Origami Risk faced four major challenges:
- Fragmented and duplicated security data
- Inefficient vulnerability management processes
- Arbitrary risk scores that didn’t reflect actual business risk
- Difficulty providing analytics and metrics to stakeholders and leadership.
To overcome these challenges, Origami Risk turned to Vulcan Cyber to implement a comprehensive solution that streamlined their security operations and enhanced their overall exposure risk management.
Want to see how your organization can benefit from the Vulcan Cyber ExposureOS? Book a demo today >>
The solution
Origami Risk sought a solution that would enable them to manage all vulnerabilities from one place, facilitate contextualized prioritization, streamline remediation efforts, and provide comprehensive reports to communicate risk to various stakeholders.
Vulcan Cyber met these needs to a tee.
Using off-the-shelf integrations, Origami Risk could rapidly connect to their existing security tools without any cumbersome customizations. This allowed the security team to consolidate their scattered security data into a unified platform, eliminating data silos and providing a clear view of their vulnerabilities and assets.
As a further measure to ensure data hygiene, Origami Risk used Vulcan Cyber to reduce data noise by:
- Deduplicating assets from multiple sources
- Clustering vulnerabilities to allow bulk actions
This approach eliminated redundant findings and made it easier to prioritize and act on critical risk.
For effective risk-based prioritization that would allow Origami Risk to focus on critical vulnerabilities first, Vulcan Cyber provided data enrichment and customized tagging capabilities, including:
In addition, to ensure that prioritized vulnerabilities are addressed swiftly and efficiently within the SLA, Vulcan Cyber streamlined the security team’s collaboration with remediation owners and automated the remediation process through:
- Automated workflows for remediation campaigns
- Remediation guidance and context
- Tracking of remediation progress and SLA compliance
Finally, Origami Risk could transform reporting and analytics from a cumbersome and time-consuming task into a simple and intuitive experience. With the click of a button, the security team could utilize ready-made reports tailored to different audiences and use cases to simplify communication and improve decision-making.
Overall, the solution delivered to Origami Risk allowed them to:
- Set up a single source of truth for all security data
- Establish a contextualized prioritization process based on business impact and threat intelligence
- Facilitate better collaboration with remediation owners within the SLA
- Enhance their risk reporting capabilities
With these capabilities in place, Origami Risk was well-equipped to tackle their security challenges head-on.
The results
One of the greatest advantages of implementing the Vulcan Cyber ExpousreOS, is having all data consolidated on a single platform, and relieving the team of having to juggle between dozens of separate security systems.
This data hygiene, together with relevant data enrichment, has transformed Origami Risk’s prioritization process, allowing them to allocate resources properly and ensure critical risks are mitigated in time.
Collaboration with remediation owners has also been streamlined thanks to automated campaigns integrated with Jira, and full remediation guidance and context.
Key results:
- Streamlined security operations
- Reduced MTTR
- Improved cross-functional collaboration
- Better security posture
Last but not least, Origami Risk saw a significant ROI from the Vulcan Cyber reporting capabilities. Ready-made reports covering consolidated data from across attack surfaces allowed the security team to get a real-time view of their security posture, track their security programs, and efficiently communicate risk across – and outside – the organization.
Some of their most utilized reports include:
- CISO leadership report – providing an accurate snapshot of everything at once.
- SLA report – tracking SLAs to ensure timely remediation.
- Exposure report – keeping up with the organization’s risk exposure based on threat intelligence.
Next steps
Going forward, Origami Risk are looking forward to enhancing their reporting capabilities even further with custom reports for specific teams, and utilizing the risk acceptance feature to accept non-critical risk and focus their remediation efforts where they are truly needed.
Want to learn more?
Explore how the Vulcan Cyber ExposureOS can help your organization enhance its exposure management program and keep your critical assets secure. Book a demo here.
