Mon, May 20, 2024
Embarking on a journey to reinforce its digital defenses, a top 50 global telecommunications company initiated an application security program with a laser focus on safeguarding its most critical and sensitive applications. While this initiative proved successful in elevating the company's security to industry standards, a realization dawned upon them—the need to extend the protective shield to encompass more data and preserve its hard-earned reputation.
Recognizing that not all of its approximately 700 web applications dealt with sensitive information, the company understood that a breach in even a less critical application could still tarnish its reputation. To address this vulnerability, a decision was made to collaborate with a partner who possessed profound expertise in application security and had the ability to swiftly scale up the testing program.
The ultimate objective was clear: to empower the company to construct a comprehensive program capable of testing a diverse array of applications. The chosen partner would conduct thorough testing, and also provide invaluable findings and analytics to enable the company to bolster its security posture across all business units.
Kroll was top of mind.
Having previously collaborated with Kroll on smaller web application assessments, our client faced a new challenge: a project of unprecedented scale. The company, after a rigorous competitive bid process, chose multiple vendors to conduct the assessments. During this selection process, Kroll emphasized our extensive experience in web application testing, alongside our proven ability to scale operations. With a track record of successfully partnering with major players in the banking and media sectors, Kroll showcased our capability to handle enterprise-level engagements of a similar magnitude.
Following the selection process, Kroll was entrusted with the responsibility of testing approximately 200 applications utilized by the telecom company's IT department. The engagement swiftly gained momentum, and within a month of the contract signing, Kroll was efficiently testing around 25 applications monthly.
As the partnership evolved, now spanning over four years, Kroll's role expanded to cover a growing number of applications across various business units, including integration into the networking department. Each year, Kroll devises a comprehensive plan that outlines the projected effort required for testing the assigned web applications. Beyond planning, Kroll provides continuous project management support to ensure thorough, timely and budget-conscious execution of testing activities.
Moreover, Kroll demonstrated adaptability by extending its expertise to assess the security of emerging technologies for its client, including Internet of Things and 5G mobile devices.
After partnering with Kroll, the telecommunications company experienced a multitude of security and operational advantages: