A quarter full of risk – get to know the notable vulnerabilities of Q3 2024 >>

The CyberRisk Summit is back! RSVP for free for our live event | November 20 >>

Exposure management analytics and KPIs you need to know about  >>

Get a demo

A quarter full of risk – get to know the notable vulnerabilities of Q3 2024 >>

The CyberRisk Summit is back! RSVP for free for our live event | November 20 >>

Exposure management analytics and KPIs you need to know about  >>

Get a demo
Get a demo

case study

How Origami Risk tackled exposure risk with Vulcan Cyber

Discover how Origami Risk leveraged the Vulcan Cyber ExposureOS to enhance exposure management, optimize operations, and boost cross-functional collaboration to reduce critical risk across the organization.  
 

GET A DEMO
About Origami Risk

About Origami Risk


Origami Risk is a leading provider of integrated cloud-based SaaS solutions for the risk and insurance industry. Based in Chicago, Illinois, the company serves hundreds of customers in over 10 countries.

The Origami Risk product security team utilizes various methods and tools for proactive remediation of security vulnerabilities; including multiple vulnerability scanners, secret scanning tools, SAST, DAST, threat modeling, internal and external penetration testing, SaaS scanners, and more.

In addition, they use Jira for collaborating with remediation owners across IT and engineering departments.

They were looking for a solution that could offer seamless integration with their existing security tech stack and enable them to aggregate their siloed data and manage all vulnerabilities from one place. 

 

Watch the full conversation >>

 

The challenge


With no efficient security program in place, Origami Risk struggled to keep up with their massive vulnerability backlog. Their scattered portfolio of scanners and security tools generated plenty of findings, but also a great deal of noise, leading to duplications and data silos that limited their ability to prioritize vulnerabilities based on actual business risk.  

This siloed approach led to time-consuming manual work of identifying and prioritizing vulnerabilities from dozens of different sources, resulting in misallocated efforts and increased time-to-remediation. 


Data silos hinder the remediation process 


Lastly, using siloed data from different tools made it difficult to track progress and communicate risk to relevant stakeholders and leadership, blocking proper resource allocation and buy-in from the rest of the organization.


Ultimately, Origami Risk faced four major challenges:  

  • Fragmented and duplicated security data  
  • Inefficient vulnerability management processes  
  • Arbitrary risk scores that didn’t reflect actual business risk  
  • Difficulty providing analytics and metrics to stakeholders and leadership.

 

To overcome these challenges, Origami Risk turned to Vulcan Cyber to implement a comprehensive solution that streamlined their security operations and enhanced their overall exposure risk management.

Want to see how your organization can benefit from the Vulcan Cyber ExposureOS? Book a demo today >>

The solution


Origami Risk sought a solution that would enable them to manage all vulnerabilities from one place, facilitate contextualized prioritization, streamline remediation efforts, and provide comprehensive reports to communicate risk to various stakeholders. 

Vulcan Cyber met these needs to a tee. 

Using off-the-shelf integrations, Origami Risk could rapidly connect to their existing security tools without any cumbersome customizations. This allowed the security team to consolidate their scattered security data into a unified platform, eliminating data silos and providing a clear view of their vulnerabilities and assets.  

As a further measure to ensure data hygiene, Origami Risk used Vulcan Cyber to reduce data noise by: 

  • Deduplicating assets from multiple sources 
  • Clustering vulnerabilities to allow bulk actions


This approach eliminated redundant findings and made it easier to prioritize and act on critical risk. 

For effective risk-based prioritization that would allow Origami Risk to focus on critical vulnerabilities first, Vulcan Cyber provided data enrichment and customized tagging capabilities, including: 

  • Business impact based on organizational structures  
  • Asset exposure to risk
  • Threat intelligence


In addition, to ensure that prioritized vulnerabilities are addressed swiftly and efficiently within the SLA, Vulcan Cyber streamlined the security team’s collaboration with remediation owners and automated the remediation process through: 

  • Automated workflows for remediation campaigns 
  • Remediation guidance and context
  • Tracking of remediation progress and SLA compliance 


Finally, Origami Risk could transform reporting and analytics from a cumbersome and time-consuming task into a simple and intuitive experience. With the click of a button, the security team could utilize ready-made reports tailored to different audiences and use cases to simplify communication and improve decision-making. 

 

Overall, the solution delivered to Origami Risk allowed them to: 

  • Set up a single source of truth for all security data 
  • Establish a contextualized prioritization process based on business impact and threat intelligence 
  • Facilitate better collaboration with remediation owners within the SLA 
  • Enhance their risk reporting capabilities 

With these capabilities in place, Origami Risk was well-equipped to tackle their security challenges head-on.

 

The results


One of the greatest advantages of implementing the Vulcan Cyber ExpousreOS, is having all data consolidated on a single platform, and relieving the team of having to juggle between dozens of separate security systems. 

This data hygiene, together with relevant data enrichment, has transformed Origami Risk’s prioritization process, allowing them to allocate resources properly and ensure critical risks are mitigated in time.


Collaboration with remediation owners has also been streamlined thanks to automated campaigns integrated with Jira, and full remediation guidance and context.  
 
Key results: 

  • Streamlined security operations 
  • Reduced MTTR 
  • Improved cross-functional collaboration 
  • Better security posture 


Last but not least, Origami Risk saw a significant ROI from the Vulcan Cyber reporting capabilities. Ready-made reports covering consolidated data from across attack surfaces allowed the security team to get a real-time view of their security posture, track their security programs, and efficiently communicate risk across – and outside – the organization.  
 
Some of their most utilized reports include:

  • CISO leadership report – providing an accurate snapshot of everything at once.  
  • SLA report – tracking SLAs to ensure timely remediation.  
  • Exposure report – keeping up with the organization’s risk exposure based on threat intelligence.  

 

Next steps


Going forward, Origami Risk are looking forward to enhancing their reporting capabilities even further with custom reports for specific teams, and utilizing the risk acceptance feature to accept non-critical risk and focus their remediation efforts where they are truly needed.

 

Want to learn more?

Explore how the Vulcan Cyber ExposureOS can help your organization enhance its exposure management program and keep your critical assets secure. Book a demo here.

The Mandiant Challenge

Nisl aliquam lectus placerat augue adipiscing congue

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

Mauris id nulla amet ut lectus. Sociis est sit habitant aliquam rutrum in ultrices. Est egestas bibendum pellentesque adipiscing. Iaculis mauris justo blandit viverra mauris, nunc. Faucibus ac lorem nibh eget dolor, rutrum ipsum. Nulla in neque porttitor viverra dolor amet at. Enim, elementum, ultrices netus non egestas pretium condimentum. Malesuada maecenas vulputate interdum suspendisse vestibulum purus sed in facilisis. Dignissim tellus dictum dictumst aliquam elit amet orci.

Nisl aliquam lectus placerat augue adipiscing congue

Id cursus ipsum nibh vitae. Ut fringilla amet, amet, et non congue aliquam et tempor. Risus id feugiat pretium porttitor augue eget auctor fusce. Auctor tortor massa orci vel nam id in sagittis, in. Porta sit in elementum dictum fermentum, id. Bibendum molestie bibendum tincidunt nullam blandit suscipit nisl, magna. Tortor vel elit ultrices pretium a sit rutrum.

Consequat tellus donec tortor et nibh at elementum adipiscing nisl

Et faucibus justo, quis mauris amet, in placerat.

Euismod auctor blandit ullamcorper ante sagittis, sodales risus bibendum. Turpis sed nunc nibh adipiscing dis in sed. Amet non eros sed mi risus. Diam consequat vel, vitae, justo, ultrices. Viverra nisl urna sed quam venenatis mauris rhoncus. Rhoncus libero sapien, at vitae sed viverra lacus aenean. Et arcu vivamus eu imperdiet morbi turpis senectus. Orci, morbi sodales aliquam at orci vestibulum phasellus. risus amet metus ultrices turpis ante. Sodales mollis donec lectus eleifend etiam faucibus justo, aliquet. Elit, elementum diam aenean hac purus vitae sodales in. At ut faucibus habitant posuere. Facilisi nibh posuere elit gravida molestie nulla.

Malesuada in sed ac quis egestas venenatis

1. Vitae, est, egestas ipsum

consectetur sodales ut ullamcorper. In amet mauris commodo aliquam ut. Orci varius rutrum fringilla elementum lorem turpis pellentesque posuere tellus. Ipsum, viverra molestie lobortis nec cras vestibulum vivamus nunc. Amet sollicitudin pharetra, ac, diam, donec ridiculus iaculis interdum. Amet tincidunt fusce metus at. Risus viverra lobortis eu nunc in. Sed lorem non sit mauris elit.

Description for image

Et faucibus justo, quis mauris amet, in placerat

Euismod auctor blandit ullamcorper ante sagittis, sodales risus bibendum. Turpis sed nunc nibh adipiscing dis in sed. Amet non eros sed mi risus. Diam consequat vel, vitae, justo, ultrices. Viverra nisl urna sed quam venenatis mauris rhoncus. Rhoncus libero sapien, at vitae sed viverra lacus aenean. Et arcu vivamus eu imperdiet morbi turpis senectus. Orci, morbi sodales aliquam at orci Dui link luctus metus ultrices turpis ante. Sodales mollis donec lectus eleifend etiam faucibus justo, aliquet. Elit, elementum diam aenean hac purus vitae sodales in. At ut faucibus habitant posuere. Facilisi nibh posuere elit gravida molestie nulla.

Vulcan Cyber Benefits

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

About Mandiant

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

Challenge

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

Solution

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

Results

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

Want to hear more?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent neque ut malesuada elementum scelerisque eget. Risus sapien mauris velit morbi quam ultrices. Amet adipiscing libero fusce elementum rhoncus vitae cras. Quis at sit ipsum, eros, eu, tellus nunc. Leo, risus amet, sed feugiat blandit feugiat urna. Et consectetur turpis habitant senectus eget. Viverra magna ac nunc augue posuere id suscipit et.

People also read

7 stages of the vulnerability management lifecycle How-to guides 7 stages of the vulnerability management lifecycle Feb 05, 2024
“Ideal for an overwhelmed security team” – how Vulcan Cyber mitigates vulnerability risk Vulcan product “Ideal for an overwhelmed security team” – how Vulcan Cyber mitigates vulnerability risk Apr 15, 2024
Vulnerability management metrics in 2024: the ultimate guide How-to guides Vulnerability management metrics in 2024: the ultimate guide Sep 10, 2024
CRS November 2024