Consolidating Regional Security Data to Accelerate Remediation for a Global Luxury Retailer

Company size

Medium size | 500-1000 Employees

Solution

The Rootshell Platform

Industry

Luxury Retail

Result

Consolidated penetration testing results from the client’s global network of security teams, who each work with different cyber security vendors. Removed the need for the client’s teams to manually handle vast amounts of pen testing data, increasing the speed at which teams can respond to critical issues. Enhanced the Global Security Team’s visibility of its security posture as a whole.

The challenge

With an extensive network of offices worldwide, our client, who is one of the top five largest luxury retailers in the world, possesses a vast and complex digital infrastructure. To maintain its estate, the client has a number of regional security teams, who each work with different cyber security vendors to conduct a large number of penetration tests each year.

This siloed approach to cyber security presents challenges for the client’s Group Security Team. Manually amalgamating results from different vendors is time-intensive, and it is difficult to track the progress of multiple remediation processes, of which there could be several ongoing at any given time.

The team were concerned that their current way of managing multiple vendors was limiting the speed at which they could action pen test results and resolve issues. The client was determined to find a better solution that could streamline remediation management and accelerate the entire process.

The Platform has given us a new level of visibility of our remediation efforts. As well as integrating our global network of security teams, it has simplified, and even removed, otherwise time-consuming processes. This has empowered our security team to focus less on data handling and more on planning and managing remediation.

Stephen Shackell, Director of Intelligence and Risk

The solution

The client has transformed the management of its pen testing services using the Rootshell Platform, a vendor-agnostic platform that consolidates and automates remediation management within a single pane of glass.

The Platform provides the client with a centralized location for all its pen test results. In just a few clicks, the client can access results from any of its vendors in one consistent format, eliminating the need for manual data handling and relieving the team of repetitive tasks.

The platform’s dashboard provides the client with immediate insight into the progress of its remediation processes. The team can see at a glance how many issues are outstanding or have been remediated, broken down by risk level. They can also assign issues to colleagues straight from the platform and track the progress of remediation efforts against agreed timeframes. Trending data graphs further enhance the client’s situational awareness by illustrating how its security posture is improving as a whole, which is proving far more insightful than viewing results on a vendor-by-vendor basis. Being able to effortlessly measure the success of its remediation processes also helps the client demonstrate the return on investment for vulnerability management to its executives.

One of the most impactful outcomes for the client is the increased speed at which the team can respond to vulnerabilities. Not only have the platform’s powerful automation features made more time available for fixing issues, but the Rootshell Platform’s email notifications also alert the team as soon as critical issues are added, as testers upload them in real time.

Rootshell’s platform gives me the visibility to easily understand issues, approve projects, and collaborate with colleagues, so that our remediation process is as streamlined as possible.

Stephen Shackell, Director of Intelligence and Risk

Partnership

Our partnership goes beyond providing the Platform as an excellent remediation management solution. Considered as a valuable extension of our client’s security team, we provided support and consultancy for its regional teams around the world, helped migrate historical results into the platform, and ensured users were successfully onboarded, so they could instantly benefit from the platform’s capabilities.

Key takeaways