Genpact Reduces Cyber Risk with Data-Science Approach
Product Used: Kenna.VM
Industry: Professional Service
Size: 100,000 Employees
Gain greater control over vulnerabilities to protect operational and reputational integrity
Kenna.VM to align vulnerability remediation with business priorities based on risk
Time to remediate reduced, enabling IT teams to focus on more strategic initiatives
Reduced time to create reports by 90%
Shifted from counting closed vulnerabilities to true risk reduction metric
Professional services firm Genpact has a long legacy of innovation, launching in 1997 as a business unit of General Electric. In January 2005 Genpact became an independent company that drives digital transformation for their clients. Genpact’s focus areas are process expertise and lean management, and the company recently won an award for their real-world artificial intelligence platform, Cora.
Cybersecurity is a priority for Genpact
Genpact has over 70,000 assets and hundreds of applications spread over several data centers and cloud hosting environments. As with any organization that has such a large asset footprint, disclosure of vulnerabilities by system vendors quickly translates into thousands of vulnerabilities to patch. Due to the volume of vulnerabilities, Genpact had a large team focused on vulnerability remediation—using dozens of spreadsheets to analyze scanner data.
The team was ranking vulnerabilities (using CVSS scores) with the goal of reducing overall vulnerability count. The many reports required of the team took hours to days of manual effort, and accuracy levels varied. With the significant volume of vulnerabilities, assets, and reporting demands, coupled with the fact that they could not clearly demonstrate the impact their efforts were having on the organization's risk posture, the team needed a new approach.
Enter Rohit Kohli, Assistant Vice President, Information Security at Genpact. Kohli manages multiple information security programs for the company, including threat and vulnerability management, penetration testing, and cloud security architecture. He is also responsible for securing digital offerings for Genpact clients. Kohli was grappling with the challenge that vulnerability remediation presented. According to Kohli, “Our remediation approach involved sifting through enormous spreadsheets or hunting down fixes. The existing on-premise vulnerability scanning technology had limitations and was end of life.”
A New Approach
The Genpact team knew they needed to replace their legacy vulnerability assessment technology. As part of their new approach, they were looking for a cloud-based vulnerability risk management solution that would automatically ingest and analyze the data from the new vulnerability scanner, and then prioritize their remediation efforts based on which vulnerabilities posed the most risk to the organization. The team wanted a solution that allowed risk scoring of assets based on asset value, tagging of assets based on categories, and real-world vulnerability risk scores based on the volume, velocity, and impact of exploits. They also required robust reporting, analytics, and drill-down capabilities.
Kohli and his team evaluated multiple solutions in these areas. After a proof of concept, Kenna was chosen by the team for several reasons—one being “how simple you made this complex problem.” Kohli notes, “Vulnerability management is a key area for Genpact, as we as an entity have access to sensitive information from different companies. Demonstrating compliance and the effectiveness of our vulnerability management is important, especially for the financial institutions we work with. This is the real differentiator we could see in Kenna.VM.”
“Implementing Kenna.VM has resulted in Genpact being able to adopt a truly risk-based approach, significantly reducing our vulnerability exposure and overall risk in a sustainable manner.”
Assistant Vice President, Information Security
Off the “Vulnerability Treadmill” and Onto Measurable Risk Reduction
Kenna.VM is integrated with Genpact’s service desk tool, Remedy (BMC Software), to enable prioritized vulnerability assignment and streamline remediation workflow. Kohli indicates, “Remediation teams are able to focus their efforts on the most impactful actions that can significantly reduce risk, versus running on the vulnerability treadmill and not making any real progress. The change in approach also energized the teams who were otherwise overly burdened with a seemingly endless mountain of vulnerabilities to constantly hack away at.”
Previously only measuring vulnerability count reduction, the team now looks at risk score reduction, remediation rate of high-risk vulnerabilities, and their median time to discover and remediate high-risk issues. By leveraging the knowledge of which vulnerabilities are actually being targeted by attackers, and defining business value for assets, the Genpact team has transformed their vulnerability management approach.
Kenna Security helps Genpact move off the vulnerability management treadmill and into measurable risk reduction.