Delivering Continuous Exposure Management for a Global Leader in ERP

Situation:

Enterprise Resource Planning (ERP) software helps global businesses run 24x7x365 operations. And just like any other vertical, ERP software providers need to ensure robust cybersecurity programs so they can continually meet the needs of their customers while reducing risk and improving security posture. This global leader in ERP has over 50 security tools in their portfolio, but have long struggled to deliver an effective defensive architecture and demonstrate cyber resilience.

While they leveraged multiple best of breed solutions, these tools were too narrowly scoped to deliver a consolidated view of the organization’s entire enterprise risk profile without significant manual effort. Moreover, many of their solutions were focused on providing reactive intelligence after an incident occurred instead of  taking steps to prevent an incident in the first place. They needed an ounce of prevention to provide a pound of cure.

Action:

A cross-functional team including IT, Security, Cloud Architects and the XM Cyber project lead built a program to deploy and integrate the XM Cyber Continuous Exposure Management Platform throughout the entire business. The initial focus was on high value lines of business where rigorous testing was conducted to ensure a smooth go-live with the XM platform. The organization also looked at how they could pair XM Cyber into their ERP solution to deliver a secure and powerful business solution to their global customer base.

Outcome:

Thus far, the organization has seen benefits for IT, IS, the Cloud team, and the overall business. With XM Cyber, the Security team runs continuous scenarios that simulate potential breaches but without the risk of impacting production systems or leaving breadcrumbs for attackers to later leverage. These tests then feed a prioritized list of the exposures, both in the on-prem environment and in their cloud infrastructure.

This business wide perspective on risk enables IT, Security, and the Cloud team to have data-driven discussions about the remediations needed and reduce the average time to remediate. In the case where exposures can’t be patched, they focus on hardening, best practices, or adjacent exposures can be addressed, to reduce the risk of a critical asset being compromised.

Additionally, as the organization has modernized their business, they have adopted Kubernetes (K8s) to manage cloud-native workloads and now have a comprehensive view of risks and excessive permissions across all Kubernetes clusters.

****

Want to learn more about how XM can give you a continuous view into exposures and the prioritized guidance to fix the most impactful items? Click here for a custom demo. Not ready for a conversation? Click here for a video of the platform.