For the financial industry, and in the world of payment tools specifically – cyber risk is a matter of business risk. With constant changes in technology, regulations, and security requirements adding to the overall complexity, it can be difficult to reduce the growing attack surface risk effectively.
Faced with these challenges, a prominent enterprise payment platform turned to the Vulcan Cyber ExposureOS to overcome vulnerability data overload and reduce risk across the organization.
The challenge
- Many types of data, assets and vulnerabilities from different sources – hosts, code projects, websites, images, etc.
- Lack of unified view for all risk and remediation progress
- 20,000+ vulnerabilities, of which over 1500 were critical
- Fintech company, highly regulated
The Vulcan Cyber solution
- Centralization of assets and vulnerabilities in one place
- Remediation management across different teams and automatically
- Customized reports
- Critical risk reduction by 50%
The financial industry at a glance
- In 2023, the number of ransomware attacks in the finance industry surged by 64%, and was nearly double the 2021 level [Sophos]
- Financial services organizations already hold 20% more data than those in other sectors [security group Rubrik]
- Data breaches cost the finance sector the second highest costs amongst all others at $5.9 million [IBM]
The situation
The client’s environment comprised different types of assets (20,500) of which 88% were hosts, 9% code projects, 1% websites, and 2% images. This information came from eight different integrations (connectors) which the client added to the Vulcan Cyber platform.
The number of critical vulnerabilities was above 1500 and the team did not know which remediation tasks to prioritize – nor how to prioritize them. Moreover, reporting remediation progress to other stakeholders presented its own challenges.
The process
- Making use of the Vulcan Cyber ExposureOS, the company implemented a risk script that heavily leveraged threat intelligence feeds and that reduced dramatically critical vulnerabilities.
- The client built 28 playbooks (automated workflows) and are currently running 75 remediation campaigns, having already closed 160 campaigns. They also ran end-of-life campaigns using playbooks.
The results
|
Number of critical vulnerabilities
The absolute number of critical and high vulns across all attack surfaces.
|
SPR (Security Posture Rating)
The % of assets that are risk-compliant, within all scanned assets.
|
Risk Mass
The sum of all the calculated atomic risks of all vulnerability instances at a given time.
|
Before Vulcan Cyber
|
1600 vulnerabilities
|
45%
|
20.7M
|
After Vulcan Cyber
|
853 vulnerabilities
|
49%
|
15.7M
|
Vulcan Cyber for financial services
Vulcan Cyber is used by leading financial services institutions such as Travelers and Paystack to understand and reduce vulnerability risk across all attack surfaces. The Vulcan Cyber ExposureOS is designed to help information security teams aggregate, correlate, prioritize and remediate exposure risk from one platform.
See for yourself. Get a demo today.