Meet Armis at Black Hat 2024

Learn More
Case Study

Moving to Proactive Security Stance Management

students in a college lecture hall

Lehigh University (LU) is a private research university in Bethlehem, Pennsylvania. The university was established in 1865, and serves around 8,000 students.

The Challenge

The security team recognized that its vulnerability and exposure assessment process was not effective in prioritizing risk, which negatively impacted interaction with the teams responsible for implementing the fixes. The team identified several related issues that stood in the way of taking a more proactive approach to the university’s technology risk posture: primarily manual assessment of vulnerability contributed to protracted mean time to remediation from notification the team couldn’t consistently correlate security findings with the asset it was detected to perform risk assessments – in particular, critical findings on Internet accessible systems. Because of inconsistent prioritization outcomes, it was challenging to maintain a collaborative approach to interacting with the teams responsible for implementing the fixes – extending the risk exposure window.

In the absence of correlation and contextualization of asset profiles and vulnerability findings, the team would sometimes request a fix to a system that was not Internet exposed – undermining the willingness to collaborate on implementing fixes.

In addition, the team was looking to reduce spend on multiple detection tools without compromising findings coverage.

Continue Reading

Challenges
  • challenge iconMaintain a proactive approach to security posture
  • challenge iconMinimize risk exposure window by reducing time between notification and remediation
  • challenge iconIncorporate asset risk context to drive prioritization of security findings
Results
  • results iconReduced time spent on assessment by 80% with findings consolidation and deduplication across tools
  • results iconFacilitated 40% decrease in tool costs, with consolidation and retirement of overlapping tools
  • results iconReduced time spent on fix workflows by as much as 80% through ownership assignment and ticketing integrations