Global Manufacturer Centralizes Vulnerability Management
A major appliance manufacturer serving 160 countries needed a consolidated view of security that their lean team could use to prioritize patching as needed. After implementing the NopSec Unified VRM platform this company realized big benefits in the realms of contextualized alerts, improved resource allocation, and cost savings.
An $18 billion company with more than 50,000 employees. This U.S.-based company serves both residential and commercial appliance markets as a world leader in heating, air-conditioning and refrigeration solutions.
Attack Surface Management Executive: “To be able to drill down on the vulnerabilities automatically and get that information to the correct patching teams for them to patch quickly takes down our overall risk and makes us a little safer.”
Business & Solution Goals
- Improve team capabilities to focus remediation efforts
- Better manage a vast array of vulnerability points
- Provide better trend and KPI snapshot data reports
The company has facilities on six continents with a vast array of potential weak spots in its endpoints, printers, cameras and assorted other items. Operating with a relatively lean security team, the organization needed a way to discern where threats lie and how to prioritize them.
The company had a Qualys scanning system, but required a tool that could help contextualize what the scanner was finding. After reviewing all the major competitors, the company’s attack surface management leader opted for NopSec’s Unifed VRM. With the complexity of the infrastructure, the company assigned separate teams to patch distinct areas: endpoints, main controllers, on-prem, applications, cloud, etc.
Using Unified VRM, the company was able to properly direct each team efficiently, saving time and effort and avoiding unnecessary work.
Customer Benefits & ROI
- Contextualized alerts: With Unified VRM incorporating all relevant factors, the security team had a clear directive on which patches were urgent and took priority and which need not elicit a response.
- Better allocation of resources: With multiple teams assigned to different patch areas, the company avoided using them when their services were not necessary, using them instead when the vulnerability posed notable risks.
- Cost savings: With its global reach and 160 locations, any reduction in time and resources deployed wastefully represented significant reduction in security-related expenditures.