How Hill & Smith Holdings PLC Achieved Comprehensive Vulnerability Management

When Hill & Smith Holdings PLC wanted to get a better understanding of the organizational risk of its internet-facing assets, it had to overcome a big hurdle: not enough time to tackle every threat.

Making a change was the only answer – and augmenting the organization's security capabilities with Intruder played an integral role in the solution. Here's what Sam Ainscow, Group CISO for Hill & Smith, revealed in a recent chat about his experience.

Intruder Made it Simple to Achieve Broader and Continuous Coverage

It's no secret that automation offers IT security divisions a major edge. Limited resources demand tools that lighten the workload so that the humans in charge can take a more proactive approach to security and place greater focus on business-critical tasks. At the same time, such tools must be up to the challenge.

"When we needed to go way beyond the usual programmatical scans offered by tools like Nessus from Tenable, Intruder really let us enumerate the services behind IPs and find vulnerabilities and weaknesses that were previously hidden," said Sam. "Going in, we simply wanted to get an understanding of the organizational risks associated with the services we made available online. The open-source intelligence we received with Intruder dramatically broadened our threat awareness."

Hill & Smith Became Better Informed About their External Attack Surface

A lack of visibility was one of Hill & Smith's biggest challenges – as good as some scanning tools may be, they will often only perform searches on the assets they’ve been made aware of. In a situation where it’s almost impossible to keep track of every new change to a system, this can be hugely problematic.

Intruder seeks out additional assets that may be in use to provide a full picture of the vulnerabilities that exist.

"Maybe 1 percent of businesses already have everything they need in-house. Intruder is for the other 99 percent, the ones that need to empower decision-makers with a real-world understanding of the risks associated with their external attack surfaces at any given moment."

How Utilizing Intruder Reduced Response Times

New security threats can emerge every few hours, but responses often take far longer. Switching to Intruder transformed the way Hill & Smith handled infrastructure security weaknesses for the better. With a team of dedicated security experts constantly hunting for dangerous vulnerabilities, Intruder fills the gap that exists with point-in-time penetration tests, and gives Hill & Smith a strong overview of, and protection for, their systems. Problems are uncovered and advisories are raised within hours, ultimately letting them implement fixes within days.

On top of remediating critical threats more quickly, the decision to use Intruder made it easier for Hill & Smith to be better informed about its security stance as these events developed:

"That daily or multiple-times-a-week email you get from the emerging threat scan is almost worth the price of the service itself," noted Sam.
"When the latest vulnerability comes along, seeing the report's big green tick gives you a huge amount of reassurance as a CISO."

Wake Up to a Fresher Security Outlook

Hill & Smith's approach to continuously improving their comprehensive vulnerability oversight is just one example of how enterprises are increasingly rethinking their security practices from the ground up. The dark ages of confusing, gap-ridden threat management practices are giving way to a new method of conceptualizing, analyzing, and fighting problems – one that gives you continuous peace of mind without requiring extensive resource investment.