Blog

Genpact Steps Off the Vulnerability Management Treadmill

John Morin, Customer Success Manager, Kenna Security

Let’s face it, vulnerability management is challenging. Larger companies can have tens of thousands of assets and millions of vulnerabilities. Even if you rank which vulnerabilities to patch first using CVSS scores, where does it end? You patch 100 vulnerabilities—more get added to the list.

My customer, Rohit Kohli, Assistant Vice President for Information Security at professional services firm Genpact is all too aware of this cycle. He calls it the “vulnerability management treadmill.” Rohit saw his team in an endless cycle trying to reduce overall vulnerability count, and despite the team’s efforts, they had no way to clearly demonstrate the impact their efforts were having on the company’s risk posture.

Rohit Kohli – Assistant Vice President for Information Security, Genpact

Rohit knew there had to be a better way. He and his team needed to replace their legacy vulnerability assessment technology, and after evaluating multiple options they chose to include the Kenna Security Platform as part of their new approach.

After Genpact came on board as a Kenna customer, that’s when I had the good fortune to be assigned as their Customer Success Manager (CSM). I could tell immediately that Rohit was really passionate about what he was doing and the potential impact the project could have on his organization.

A little background on what Customer Success means at Kenna: When a customer decides to implement the Kenna Security Platform, they have certain goals and expectations they want to meet—their “success objectives.” My job as a CSM is to help our customers meet those success objectives and maximize their investment in the Kenna Security Platform. We do this by providing guidance from the kickoff call through implementation and ongoing use. This guidance can come in many forms, including sharing best practices, helping plan the roll-out, and pulling in the right resources at the right time from the ‘various teams within Kenna.

I learn from all of my customers and was especially inspired by Rohit’s, and, in fact, the entire Genpact team’s, commitment to this project.

Check out what Rohit and his team have accomplished:

  • Scanning penetration reports that previously took 6-8 hours are now generated in 30 minutes—a 90% reduction
  • Several other reports have simply been replaced by the Kenna dashboard
  • By integrating the Kenna platform with their service desk tool, Genpact can prioritize vulnerability assignments and streamline remediation workflows
  • They started with four users on the Kenna platform and are now up to over 200 across the company, using the prioritization, remediation, and reporting capabilities
  • The Kenna platform brought together their security, business compliance, and remediation teams to collaborate proactively on managing cyber risk

One of the most rewarding parts of my role is when customers reach their success goals, and in this case it has been awesome to see the impact Rohit and the team made to Genpact’s risk posture.

As Rohit states in the success story, “Remediation teams are able to focus their efforts on the most impactful actions that can significantly reduce risk, versus running on the vulnerability treadmill and not making any real progress.” Instead, he says, “We’ve defined and now utilize metrics that help assess risk overall.” And the bottom line resulting from this approach, to quote Rohit, is “significantly reducing our vulnerability exposure and overall risk in a sustainable manner.”

Want to read the full story of how Genpact went from the vulnerability management treadmill to measurable risk reduction? Check it out here: Genpact’s story.