Client averts zero-day vulnerability attack, launches scalable and highly secure product with cloud architecture, and achieves significantly matured security protection all around.
A Client in the Healthcare Industry
We implemented an enhanced cybersecurity posture and incident management framework, which allowed our client not only to comply with several healthcare and government regulations but also to successfully and confidently launch a highly secure and scalable API-based, cloud-native solution for users across the United States. Our client also achieved audit certification in NIST and FedRAMP compliance while operating with a highly distributed remote workforce.
- Our client, which already had cloud infrastructure and a SaaS solution, needed to shift its full IT operations to the cloud in light of a highly distributed workforce.
- Our client also needed to securely offer its product to a predominantly mobile user base across the US without exposing the cybersecurity vulnerabilities that come with API- and mobile-based solution offerings.
- Our client also needed more robust identity and access management, as well as a deeper understanding of its total attack surface, holistic cybersecurity protection, and incident response readiness.
- They also lacked in-house expertise in cloud security implementation.
We engaged our client with an incremental improvement plan, first identifying their highest business priorities as well as determining their current strengths and areas of opportunity. During the initial phase of our engagement:
- We quickly identified several immediate areas to secure, which led to the discovery of several systems potentially vulnerable to zero-day attacks.
- We also created incremental areas of further security in relation to the organizational priorities.
- We also identified several areas for immediate remediation around identity and access management and unnecessary elevated access by third parties.
Subsequently, in the second and third phases of our engagement, we helped implement:
- End-to-end holistic monitoring and a transparent process for threat monitoring and reporting.
- An in-house assessment of the client's cybersecurity maturity compared to the C2M2 maturity model, as well as actionable steps to achieve a higher level of maturity in their cybersecurity posture.
- A detailed assessment of the client's existing network and access security software to identify where these tools could be used optimally and to identify gaps.
- A holistic assessment of client’s IT operations and their in-house staff and third-party interactions with HIPAA data to ensure data-access rules (per NIST and HIPAA controls) are adhered to.
Our client achieved the following results through our incremental engagement, combined with our holistic approach and industry expertise.
- Averted a potential zero-day attack across several of the systems.
- Achieved a stronger zero-trust model in identity and access management.
- An actionable step-by-step plan to achieve the highest level of auditable maturity in C2M2; with our hands-on help, their in-house team made significant progress within 2 1/2 months and gained the confidence to carry on with incremental improvements.
- We implemented robust real-time monitoring and intrusion detection, with some degree of automated resolution processes as well as an automated alerting mechanism for any critical or unusual activity observed.
- An end-to-end reporting process for executive understanding of the client's readiness in security and incident management.
- A detailed task- and RACI-level incident management plan.