The Challenge: Lack of Unified View, Missing Insight Into Outsourced Providers

The bank had a long history of using various cybersecurity tools to fight crime and comply with regulations. “We were adding state of the art tools including EDR, and privileged access management. But all of those were managed by our outsourcers. Following an incident, they wanted to ensure resilience and monitor their cybersecurity outsourcing for their true risk posture. They searched for a unified solution with a centralized view of all cybersecurity exposures across their IT estate. The bank explored several cybersecurity solutions before selecting XM Cyber. Says Alexandre, “All of the other vendors we met were really focusing on sampling our estate as opposed to continuously identifying exposures across our hybrid networks.”

The Solution: Optimizing Current Investments in One Unified Platform

XM Cyber Continuous Exposure Management stood out as a unique solution that could provide a complete view of the bank’s estate and identify potential weaknesses in the environment that an attacker could leverage to move laterally. After a thorough evaluation process, the bank selected XM Cyber and deployed it across their estate. “So the idea was really with XM Cyber to find the accurate scale of investment and return on investment for each cyber solution we were implementing… it was key for us to confirm that all security pillars we were building for the past 10 years were efficient.”

They decided to utilize XM Cyber’s managed service and with the support of the XM Cyber team, the deployment process was smooth and efficient. The bank’s infrastructure team initially had concerns about deploying agents on each endpoint, but with the added value of XM Cyber’s rich continuous exposure management capabilities, they were able to overcome these objections. By onboarding XM Cyber, the bank was able to assess the effectiveness of their existing security solutions and optimize their investments in cybersecurity.

XM Cyber’s managed service is also helping them communicate remediation guidance to their outsourcers. Says Alexandre, “We work closely with the managed service team to get the best out of the tool to really demonstrate to our outsource team what is the issue and what needs to be fixed. Our outsourcers know what to do within the next seven days and then we make a summary the week after and set a new objective for the week to come… I think the managed service is key for us. There’s a strong added value of having experts from the solution, similar to professional services.”

Benefits and Outcomes: Seeing Interconnected Risks 

With XM Cyber, the bank was able to identify vulnerabilities such as the PrintNightmare exploit, which could have posed significant security risks if left unaddressed. Says Alexandre, “We were able to identify a clear case where we were supposed to be fine. PrintNightmare was supposed to be patched in our environment a year ago and with XM Cyber, we were able to identify a few cases where it was not patched. It looks like a small example, but when you compile a set of small events, this is the way an attacker could exploit our environment, and we are now in a safer place due to XM Cyber.”

The team was using many tools and believed that they were secure, but according to Jerome, “XM Cyber showed us that it was not the case. They helped us get visibility on security issues that we didn’t have before.” They were also pleasantly surprised with how powerful the tool is when it comes to detecting risky entities and misconfigurations in their cloud environment.

“We had some blob storage that shouldn’t be reachable from the internet {but was}…and nobody was aware of that,” says Jerome. XM Cyber detected the exposure and they were able to assign it to their outsourcers to be remediated.

When asked what they like most about XM Cyber, the team mentions being able to visualize the complete attack path. “You can really see what the starting point is, to the choke point, and up to critical assets it reaches. And it’s very insightful to see the whole process.” With these insights, they can focus on fixing the issues with the greatest impact to their critical assets.

Gaining a Comprehensive View 

XM Cyber also provided insights into misalignments in the bank’s vulnerability management tools, allowing them to optimize their security investments. Collaboration with the XM Cyber team and the implementation of weekly monitoring and reporting processes have enabled the bank to track their progress and make threat-informed decisions to enhance their security operations. “It provides us a view on the interface between the old world, on-prem, the cloud, the various domains we have among our subsidiaries,” says Alexandre. “One of our first insights and it was one of the blurred areas for us. It’s the bridge between the cloud and on-prem and we were able to identify exposures that allowed attackers to pivot from the cloud to our on-prem environment just in the first week of deployment, which proved to us quick time to value.”

Recommendation and Future Expectations:

Alexandre highly recommends XM Cyber to his colleagues, emphasizing the unique exposure management capabilities and comprehensive view of the IT estate provided by the solution.

The bank expects to continue leveraging XM Cyber to stay ahead of evolving cybersecurity threats, optimize their security investments, and further enhance their security posture.

Overall, the implementation of XM Cyber has enabled the bank to proactively identify and address vulnerabilities, improve their security operations, and strengthen their overall defenses.