Industry: Legal
Scope : Global
Size : £417 Million revenue in 2022, employing over 5000 people worldwide
Business Challenge :
Discovery of Security Vulnerabilities, remediation of vulnerabilities. 3rd party Application updates. Resource optimisation, licencing costs. Repeatable measurable vulnerability management program
Solution :
Secure Chain Technology Group VMaaS with Qualys toolset implementation
Large International Law firm Dials into a New, Powerful Vulnerability Management Service.
For improved security and a reduction in operating costs, this leading global Law firm knew it had to move away from decentralized vulnerability scanning and remediation. Secure Chain Technology group has helped them achieve this.
With the increase of complex attacks on business IT systems, and the necessity for sustainable approaches to regulatory compliance, it’s never been more important for organisations to ensure that they have effective vulnerability management programs in place. Also, to make certain that attackers can’t penetrate out of date networks or website configurations to steal corporate data, plant malware, or snag customer account information, effective vulnerability management is one of the best defences against a security breech.
However, its not easy without the right tools. Putting a vulnerability management program in place requires a continuous system management lifecycle, including asset discovery, asset prioritisation, vulnerability assessment, analysis, remediation, fix verification and powerful risk and compliance reporting. This is how organisations can quantify their security progress and proactively maintain the confidentiality, integrity, and availability of their IT systems and sensitive customer information – and keep auditor’s content.
A leading global provider of integrated legal and business services.
Across 8 key sectors they deliver Legal Services, Legal Operations and Business Services which can combine to deliver bespoke solutions for its clients.
Ensuring that the large international law firm’s data and that of its clients is safe and secure is of paramount importance, then consider the size of their infrastructure and the complex environment that is required so service their clients with over 600 servers and over 5000 client PC’s keeping all the assets controlled and consistent was a challenge.
The company was relying on multiple tools and service providers to ensure all systems were monitored and kept up to date.
Now Vulnerability assessments, remediation and compliance scans and reporting are supplied by a VMaaS (Vulnerability Management as a Service) provided by Secure Chain using Qualys as its assessment and remediation platform.
The Move away from ad hoc assessment and remediation
To get there, the team realised they would need a partner and an improved toolset to find and remediate security vulnerabilities. The international law firm chose Secure Chain Technology Group Ltd to implement and manage the new toolset Qualys (VM) and (PM). Qualys was the tool of choice for Secure Chain and the large international law firm due to its powerful automation feature’s allowing for consistent patch management for not only windows OS updates but also 3rd party patch management combined with its powerful Vulnerability assessment and reporting features meant that security vulnerabilities and their remediation could be viewed and managed via a greatly reduced number of toolsets.
Secure Chain Technology Group proposed a tailored Vulnerability Management Program to address the law firm’s specific challenges. The solution Included.
Vulnerability assessments: Regular and through assessments of their Infrastructure to identify and prioritize vulnerabilities based on their severity, asset criticality and potential impact.
Automated scanning tools: Implementation of cutting-edge toolset Qualy’s allowed for automated scanning and discovery of vulnerabilities across the network, including both on-premises and cloud environments.
Patch management: Developing a comprehensive patch management strategy to promptly address identified vulnerabilities, ensuring the timely deployment of security patches and updates.
Compliance Monitoring: Continuous monitoring of regulatory compliance requirements and alignment of vulnerability practices to meet these standards.
Secure Chain Technology Group worked closely with the law firm to implement the Vulnerability Management Program in phases. This involved initial assessments, tool development, policy deployment, and staff training. The program was designed to be scalable and adaptable to the evolving threat landscape.
The results included.
Improved Security Posture: Through continuous monitoring Secure Chain are constantly assessing the Law firm’s environment to ensure there is a prompt response to any updates or remediation that may be required. This includes a 60 day reduction in MTTR
Resource Optimization: Outsourcing vulnerability management to Secure Chain allowed the law firm to focus on core business IT functions, leveraging the expertise of a dedicated team without the need for extensive internal resources.
Enhanced Compliance: The automated compliance monitoring and alignment of vulnerability management practices helped the law firm maintain compliance with various data protection and privacy regulations.
Incident response Efficiency: The managed service played a crucial role in detecting and responding to vulnerabilities minimising the amount of security incidents and minimizing the impact of potential breaches.
By partnering with Secure Chain Technology Group for vulnerability management services, the law firm not only fortified its defences against cyber threats but also achieved regulatory compliance and optimized resource utilization. This case study highlights the importance of proactive vulnerability management in todays complex IT landscape and demonstrates the positive impact of outsourcing these critical services to specialised providers such as Secure Chain Technology group.
