The customer was seeking to partner with a supplier who can provide industry leading expertise in the field of vulnerability management and create a common foundation of vulnerability management services for all group companies. The client wanted the supplier to act as a leader of this service by maintaining, managing and adding continual service improvements through the duration of the contract.
The client is one of the world's largest airline groups with 598 aircraft flying to 279 destinations and carrying around 118 million passengers each year. It is a Spanish registered company with it’s headquarter in London.
The customer has various operating companies under its umbrella. The vulnerability management and patch management for these OpCos was managed by different suppliers. Due to this, the customer did not have complete visibility of the environment risk. The customer was also facing issues with the PCIDSS audits due to in-efficient vulnerability management by its suppliers. The customer had a very high number of false positive vulnerabilities identified in each scan and a longer patching cycle which extended to 90+ days. The customer wanted partner to deliver the services using customer’s existing tools and co-ordinate with the existing vendor for penetration testing.
Partnering with the client, we successfully provided the needed solution and standardized and automated the Vulnerability Management process: