Advisory Financial Services Client Story

Managing a Suite of Periodic Network & Application Security Assessments

A financial services Client sought Security Compass’s expertise to help manage a complex set of network and application security assessments, with the goal of tracking and monitoring improvements to their security program over time.

USA
Financial Services

Practice Areas
  • Periodic Security Assessments and Delta Analysis
  • Web Application Security Assessment
  • Network Security Assessment
  • Red Team / Blue Team / Purple Team Exercises


Our Client’s Challenge:

  • Desire to measure the effectiveness of annual improvements made to their enterprise security program.
  • Seeking expertise in execution of assessments to verify strategic security effectiveness.
  • Assessments coordinated across business units and performed regularly across calendar quarters.
  • Wanted to promote security collaboration within the organization and develop partnerships across internal business units.

Our Approach:

  • Security Compass tailored a profile of assessments for the Client, covering:
    • Monthly web application vulnerability scans executed against a large group of applications. Scan results were used to drive internal analytics for risk reduction.
    • Deep-dive, white-box, web application penetration tests leveraging existing source code. This white-box approach helped to identify complex and hidden business logic vulnerabilities.
    • Internal and external network penetration tests with a focus on manual analysis and direct exploitation against infrastructure, VPNs, mail servers, firewalls, etc.
    • Red team vs. blue team exercises, feeding results from the red team to improve capabilities of internal blue teams.
  • Security Compass recommended gradual, strategic improvements to strengthen the Client’s security program.

The Result:

  • Security Compass has helped drive strategic, material improvements to our Client’s security posture over years of providing advisory and verification services.
  • Each year, as identified risks were addressed and security controls optimized, Security Compass worked with our Client to perform more targeted, advanced assessments, such as red team exercises, to validate the effectiveness of implemented controls and to protect our Client’s investments.
  • Our Client was able to measure and benchmark the level of annual improvements as a result of recurring assessments. We provided our Client the knowledge to drive informed decisions in support of enterprise-wide strategic efforts to enhance the company’s overall security posture and reduce regulatory risk.
