Rahul Raghavan
Director
Cyber Risk
Toronto
Mon, May 20, 2024
Scaling Up Application Security for a Global Telecommunications Company
Discover how an industry-leading global telecommunications company revolutionized its digital defenses and safeguarded critical applications through a strategic partnership with Kroll.
The Challenge
The Challenge
Embarking on a journey to reinforce its digital defenses, a top 50 global telecommunications company initiated an application security program with a laser focus on safeguarding its most critical and sensitive applications. While this initiative proved successful in elevating the company's security to industry standards, a realization dawned upon them—the need to extend the protective shield to encompass more data and preserve its hard-earned reputation.
Recognizing that not all of its approximately 700 web applications dealt with sensitive information, the company understood that a breach in even a less critical application could still tarnish its reputation. To address this vulnerability, a decision was made to collaborate with a partner who possessed profound expertise in application security and had the ability to swiftly scale up the testing program.
The ultimate objective was clear: to empower the company to construct a comprehensive program capable of testing a diverse array of applications. The chosen partner would conduct thorough testing, and also provide invaluable findings and analytics to enable the company to bolster its security posture across all business units.
Kroll was top of mind.
Kroll's Solution
Kroll's Solution
Having previously collaborated with Kroll on smaller web application assessments, our client faced a new challenge—a project of unprecedented scale. The company, after a rigorous competitive bid process, chose multiple vendors to conduct the assessments. During this selection process, Kroll strategically emphasized our extensive experience in web application testing, alongside their proven ability to scale operations. With a track record of successfully partnering with major players in the banking and media sectors, Kroll showcased our capability to handle enterprise-level engagements of a similar magnitude.
Following the selection process, Kroll was entrusted with the responsibility of testing approximately 200 applications utilized by the telecom company's IT department. The engagement swiftly gained momentum, and within a month of the contract signing, Kroll was efficiently testing around 25 applications monthly.
As the partnership evolved, spanning now over four years, Kroll's role expanded to cover a growing number of applications across various business units, including integration into the networking department. Each year, Kroll meticulously devises a comprehensive plan that outlines the projected effort required for testing the assigned web applications. Beyond planning, Kroll provides continuous project management support to ensure thorough, timely and budget-conscious execution of testing activities.
Moreover, Kroll demonstrated adaptability by extending its expertise to assess the security of emerging technologies for their client, which included delving into Internet of Things and 5G mobile devices.
The Impact
The Impact
After partnering with Kroll, the telecommunications company experienced a multitude of security and operational advantages:
- Actionable data: The company found immense value in Kroll's detailed metrics, leading Kroll to become their client’s preferred application security vendor. Similarly, the reporting provided by Kroll became the standard across their client's penetration testing program. Executive reporting went beyond merely highlighting identified vulnerabilities and risks across the entire business group; it offered their client specific insights into the risk profiles associated with each individual vice president responsible for a group of applications. This approach provided a clearer view of the company's security posture, enabling individual segments of the business to concentrate on impactful security changes, and also facilitated tracking progress towards remediation goals for each part of the business.
- Testing on time and on budget: Kroll demonstrated its capacity for large-scale testing by consistently delivering on time and on budget throughout the engagement. When our client paused the project for several months due to pandemic concerns, Kroll efficiently ramped up testing again, realigned the project and successfully completed the assessments by the year's end.
- Increased web application firewall (WAF) effectiveness: With web application firewalls already in place, the company sought to assess their effectiveness. Kroll, during web application firewall testing, collaborated with the client to route application security testing through the WAF, showcasing its capabilities. Based on the findings, Kroll worked closely with the client to enhance the WAF configuration, maximizing the value derived from this investment.
- Verified effectiveness of scanning programme: During the web application scanning phase, Kroll's consultants noted a unique pattern: Only 15% of vulnerabilities were identified through automated scanning, while a significant 85% were uncovered through manual testing. This contrasted sharply with industry norms. Kroll verified the effectiveness of the client's scanning program and positioned the business ahead of its peers by emphasizing the importance of manual testing in identifying vulnerabilities.
Need help staying ahead of a complex challenge?
Application Security Services
Kroll’s product security experts upscale your AppSec program with strategic application security services catered to your team’s culture and needs, merging engineering and security into a nimble unit.
Cloud Security Services
Kroll’s multi-layered approach to cloud security consulting services merges our industry-leading team of AWS and Azure-certified architects, cloud security experts and unrivalled incident expertise.
Penetration Testing Services
Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.
Web Application Penetration Testing Services
Assess the design, configuration and implementation of your web apps for critical vulnerabilities. Kroll’s scalable pen testing services consider the business case and logic of your apps, providing more coverage and an optimized program based on risk.
Discover More Client Stories
Client Story
Client Story
Partnering With Leading SaaS Company to Complete a Lucrative Sale
Discover how Kroll steered the Board of a leading SaaS company towards a lucrative sale through running a buy-and-build strategy on the buy-side and a dual-track growth equity and M&A process on the sell-side.
Client Stories
Resolving a Highly Complex Security Breach for a Global Multinational
Feb 14, 2023
Discover how Kroll employed its integrated expertise in Cyber Security Services, Financial Fraud, Workflow Assessment, and Physical Security Services to resolve and enable a fast recovery from the damage caused by a highly complex security breach.Kroll is headquartered in New York with offices around the world.
55 East 52nd Street 17 Fl
New York NY 10055
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2024 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.