LevelBlue helps small firm with vulnerability management and web application protection

Overview

A small private investment firm that independently manages investments in a variety of markets experienced issues with being able to identify their assets and manage vulnerabilities. With a small team of three IT experts and a modest budget, they were in search of a reliable security expert who could help them to safeguard their assets and ensure they had a robust security stance. This case study discusses how LevelBlue helped this small investment firm successfully enhance its security posture by identifying and providing remediation for their vulnerabilities in real-time.

Challenges

The firm had gone through a security assessment a few years ago prior to LevelBlue’s engagement and wanted to take on a bestof-breed approach toward cybersecurity. They knew they needed a reliable responsive, and engaged managed security service provider (MSSP) to help keep their organization safe. However, when partnering with other security service providers prior, the firm experienced issues with bandwidth, closing out projects in a CASE STUDY | 2 timely manner, as well as product quality, account management, and support. While the product in some cases was acceptable, the account management and expertise were lacking and they (the customer) felt misled. Since the firm was already an LevelBlue customer for internet and mobility services, the conversation evolved to cybersecurity and the portfolio offered by LevelBlue. In alignment with LevelBlue’s consulting strategy, which involves understanding the client’s existing security framework and assisting in their maturity, LevelBlue consultants recognized the necessity for the firm to be able to identify, observe, and remediate their weaknesses. The investment firm harbored worries about potential harm to their reputation and the possibility of website defacement, as well as the imperative to safeguard a particular application that, while needing to be public, was intended solely for a specific audience, making VPN an unfeasible option.

Solution

The LevelBlue Managed Vulnerability Program (MVP) with Qualys and RedShield strengthened their security posture with vulnerability management and web application security. Both of these solutions in the LevelBlue MVP portfolio were able to help this organization identify its assets, manage its vulnerabilities, and provide remediation on web applications to help keep their organization safe and protected. By having a vulnerability management service in place, they are now able to conduct regular vulnerability scans, assess their network and applications, identify and prioritize their security risks, and provide remediation of those vulnerabilities. LevelBlue was instrumental in providing the firm with prompt, responsible support that recognizes the significance of precision the first time around. LevelBlue’s security experts understood that preventing website defacement was of utmost importance in order to mitigate risk of reputational damage. LevelBlue was able to navigate complexities with securing an application that was required to be publicly accessible, but intended for a specific audience. In this scenario, a VPN is not a good fit and LevelBlue was able to address this and provide protection through MVP with RedShield.

Conclusion

In partnership with LevelBlue, the firm has benefitted from a deeper understanding of their security status, leading to significant improvements in their overarching cybersecurity approach. Using LevelBlue’s MVP, along with Redshield and Qualys, the firm is now able to effectively target critical IT gaps. This has been complemented by the added support, account management expertise, and crucial information the firm sought from a managed security services provider (MSSP). LevelBlue provided the firm with timely and accountable support, recognizing the importance of getting things right the first time. LevelBlue also understood the risk of reputation damage and prioritized the prevention of website defacement. The firm also had a unique challenge of securing a specific application. This application, designed for a specific audience, needed to be public, making a VPN unsuitable. These challenges were adeptly addressed and resolved.