The road towards continuous vulnerability assessment

As a small, consultant dependent IT department, with high demands on securing their members’ data, SMÅA’s CTO Hans Öström has the challenge to work both proactively and time-efficiently with the organisation’s IT security. Before being introduced to Holm Security he was working with traditional security systems for many years, such as firewalls, antivirus software and occasionally monitoring of servers. Working with security according to the requirements that exist today, wasn’t a possibility. 

In conjunction with new upcoming laws and regulations, such as GDPR, they decided to evaluate and improve their IT security, where their main task was to ensure that their members’ data was secure. “The last thing we want is for our members’ data to end up in the wrong hands. We handle people’s finances when they are in an exposed situation in their life. That’s absolutely not allowed to happen. We do everything and anything to protect our members’ data”, Hans says with great emphasis.

In connection with an extension of their existing security systems, Hans got introduced to Holm Security, which offered Holm Security Vulnerability Management Platform (VMP). A solution that differed from traditional tools and which could provide a proactive working method by very simple means. “It feels safe to know that I can easily get an overview of what is happening in the IT environment. What vulnerabilities that exists and where they are. For me, the best thing about Holm Security VMP is knowing exactly where you need to take action. The vulnerabilities are where the gateways for malicious code exists”.

Ability to be proactive

Nowadays, the IT environment is scanned on a daily basis. And Hans is pleased, knowing that the platform is doing the work for him. It’s this, as well as the vulnerability overview that keeps him happy knowing he gets what he’s paying for. “It all comes down to analyzing where the data is located and what I need to do if something happens. In particular, Holm Security VMP now gives me the opportunity to stop incidents before they happen. I know if, and where, I have vulnerabilities and therefore I can seal them before anyone can get in”.
However, according to Hans, the biggest difference since Holm Security VMP was implemented, is that he can now also actively look for specific vulnerabilities. “If I read in the news that there’s a new critical vulnerability out there that I soon can be exposed to, I can run a scan immediately and see if the vulnerability exists in our systems and if so, where it’s located. Accordingly, we can fix it before it could ever become harmful to our systems”. The fact that Holm Security’s updating the platform with about 40 new vulnerabilities each day maintains Hans confidence in the platform.

Implementation done during “a coffee break”

When it comes to implementing new security systems, the time aspect is something that makes many IT administrators concerned. But according to Hans, the platform was implemented during a coffee break. “Web application scanning is a bit more work to implement. But the internal scan of all our internal systems was done in an instant. I could more or less just press a button and get started”. However, he emphasizes that it’s within vulnerability management that the biggest efforts are needed. But at SMÅA they’re pleased with how the platform is working and Hans knows he is immediately informed if anything critical were to surface. “Looking at traditional security systems against malicious code, they can’t tell me where the vulnerabilities are located. You just hope it will solve them. But Holm Security VMP shows me where the vulnerabilities are so that I can follow up on several machines and see that it is in fact gone. That’s why it’s such an important addition to the other security systems I have in place”.

Links: www.smakassa.se