The customer was seeking to partner with a supplier who can provide industry leading expertise in the field of vulnerability management and create a common foundation of vulnerability management services for all group companies. The client wanted the supplier to act as a leader of this service by maintaining, managing and adding continual service improvements through the duration of the contract.
About the Client
The client is one of the world's largest airline groups with 598 aircraft flying to 279 destinations and carrying around 118 million passengers each year. It is a Spanish registered company with it’s headquarter in London.
The customer has various operating companies under its umbrella. The vulnerability management and patch management for these OpCos was managed by different suppliers. Due to this, the customer did not have complete visibility of the environment risk. The customer was also facing issues with the PCIDSS audits due to in-efficient vulnerability management by its suppliers. The customer had a very high number of false positive vulnerabilities identified in each scan and a longer patching cycle which extended to 90+ days. The customer wanted partner to deliver the services using customer’s existing tools and co-ordinate with the existing vendor for penetration testing.
Partnering with the client, we successfully provided the needed solution and standardized and automated the Vulnerability Management process:
- Coforge conducted workshops with the customer and teams from various OpCos to understand the different policies and processes followed by every OpCo and understanding the pain-points.
- Designed a comprehensive vulnerability management program to be followed throughout the organization and addressing specific requirement of all the OpCos.
- Jump start using MASTER framework for transformation of vulnerability management program via pre-designed use cases and scenarios.
- Integration with a vulnerability intelligence platform to perform threat modelling based on real risk to the environment.
- Designed and implemented a centralized dashboard for the entire IT environment of the customer.
- Quarterly workshops with industry experts for consultation.
Delivering more value:
- Automated scanning and risk-based vulnerability management program.
- Enhanced security policies and control for better remediation.
- Centralized dashboard for a single view of IT risk.
- Reduction in false positives from 61% to 43% within 1st quarter.
- Reduced vulnerability cycle from 90+ days to 60+ days within months.
- Real-time alerting of vulnerabilities through the intelligence platform.
- Near zero transition of services.