Exposed to Potential Risks, a Global Airline Group Switched to Automated Vulnerability Intelligence Program
Overview.
Headquartered in London, our client is one of the world’s largest airline groups with 598 aircraft flying to 279 destinations and carrying around 118 million passengers every year. The airline struggled with scattered vulnerability and patch management across different suppliers which made it prone to serious security breaches. The airline company was seeking a partner who could offer deep domain industry expertise in vulnerability management to nullifycyber threats. Coforge pitched in with a comprehensive vulnerability management program to address the specific requirements of the airline company.
The airline company had various operating companies under its umbrella. Different suppliers were handling the vulnerability & patch management for these OpCos (Operating Companies). As a result, the company fell short of complete transparency and control over environmental risks.
Issues With PCIDSS Compliance
Due to inefficient vulnerability management through suppliers, there were issues with the PCIDSS (Payment Card Industry Data Security Standard) audits.
Long Patching Cycle
The client was witnessing a staggering number of false positive vulnerabilities identified in every scan coupled with a longer patching cycle extended to 90+ days.
The airline company wanted a trustworthy partner who could deliver the services using customers’ existing tools and coordinate with the foregoing vendors for penetration testing.
Coforge Solution
Being a steady partner, Coforge understood the pain points of the client straight away. We conducted a detailed workshop with the airline company to understand the different policies and processes every OpCo follows. Based on the insights, we devised a plan to automate the vulnerability management process that can proactively identify and address security weaknesses in addition to reducing the risk of cyberattacks and their associated consequences.
Key highlights of the solutions:
Devised a comprehensive vulnerability management program that can be deployed throughout the organization along with addressing the specific requirements of all the OpCos.
MASTER framework for transformation of vulnerability management program via pre-designed use cases and scenarios.
Integrated a vulnerability intelligence platform for real-time threat modeling.
Designed and implemented a centralized dashboard for the entire IT environment of the customer.
Quarterly consultation workshops with industry experts.
The Impact
Automated scanning and risk-based vulnerability management program
Upgraded security policies and control for improved remediation
Centralized risk management dashboard for a unified view
Cut down false positives from 61% to 43% within the first quarter
Marked down vulnerability cycle from 90+ days to 60+ days
Real-time vulnerability alerts through threat intelligence platforms
Near zero service transition
If you are looking for an experienced partner who can help you with a precise vulnerability management program that fits your company’s unique needs, we are just a message away. Fill out this contact form and our team will reach you.