Finance Industry Case Study
Global Enterprise Security
Maintained by a distributed security team
Centralized Security Database
For policy and vulnerability information
Scaling an Application Security Program
The company had a large portfolio of 2,000 applications, and its application security testing processes were manual and nonstandardized, with no accountability: test requests were lost, and there was no standard way to handle the results of the tests that were performed. As a result, the application security team could not meet the requirements the business was placing on it. Large portions of the application portfolio were not being tested at all, and the applications that were tested were handled in an ad hoc manner, so identified vulnerabilities were not fixed in a timely manner.
ThreadFix was established as the system of record for application security testing results and for application security policy management. This centralized authority then allowed the security team to enlist security champions across the organization to act as liaisons to, and consultants for, groups of the distributed development teams.
Enterprise Security Visibility
This structure allowed the organization to scale application security testing and vulnerability management. In addition, the ThreadFix database now feeds the company's corporate risk reporting systems, providing enterprise-wide visibility into the risk associated with deployed applications.
The end result is that the organization enjoys the scale of a distributed application security team with the consistency of a centralized database of both policy and vulnerability information that is fed into corporate risk management systems to help address compliance requirements.