Advisory Financial Services Client Story

Managing a Suite of Network and Application Security Assessments for a Financial Services Client

A financial services Client sought Security Compass’s expertise to help manage a complex set of network and application security assessments, with the goal of tracking and monitoring improvements to their security program over time.

USA
Financial Services

Practice Areas
  • Periodic Security Assessments and Delta Analysis
  • Web Application Security Assessment
  • Network Security Assessment
  • Red Team / Blue Team / Purple Team Exercises


Our Client’s Challenge:

  • Desire to measure the effectiveness of annual improvements made to their enterprise security program.
  • Seeking expertise in execution of assessments to verify strategic security effectiveness.
  • Assessments had to be coordinated across business units and performed regularly across calendar quarters.
  • Wanted to promote security collaboration within the organization and develop partnerships across internal business units.

Our Approach:

  • Security Compass tailored a profile of assessments for the Client, covering:
    • Monthly web application vulnerability scans executed against a large group of applications. Scan results were used to drive internal analytics for risk reduction.
    • Deep-dive, white-box, web application penetration tests leveraging existing source code. This white-box approach helped to identify complex and hidden business logic vulnerabilities.
    • Internal and external network penetration tests with a focus on manual analysis and direct exploitation against infrastructure, VPNs, mail servers, firewalls, etc.
    • Red team vs. blue team exercises, feeding results from the red team to improve capabilities of internal blue teams.
  • Security Compass recommended gradual, strategic improvements to strengthen the Client’s security program.

The Result:

  • Security Compass has helped drive strategic, material improvements to our Client’s security posture over years of providing advisory and verification services.
  • Annually, as identified risks were addressed and security controls optimized, Security Compass worked with our Client to perform more targeted, advanced assessments, such as red team exercises, to validate the effectiveness of implemented controls and to protect our Client’s investments.
  • Our Client was able to measure and benchmark the level of annual improvements as a result of recurring assessments. We provided our Client the knowledge to drive informed decisions in support of enterprise-wide strategic efforts to enhance the company’s overall security posture and reduce regulatory risk.


Contact Us

Our Advisory services team has more than a decade of experience focused on Application Security. We take a flexible approach to your strategic security problems.

Whether you are a global enterprise looking for advice on security strategy and governance, a major financial seeking support on regulatory compliance and penetration testing activities, or a startup looking for high quality assessments to give customers assurance for your business, we're here for you.

Our credentialed professionals are experts in how to break applications and fix code, who take pride in helping you succeed in your Secure SDLC and Secure DevOps programs. Contact us today to learn how we can help solve your organization’s application security challenges.
