CASE STUDY / INSURANCE
Agile Portfolio Evolution | NextGen IT Operations
Our client is a leading global financial services provider with a wide range of services tailored to meet the unique needs of individuals, businesses, and institutional clients.
100+ years in the market
Offers retirement plans, life insurance, investment products, and asset management services, among others
Hundreds of billions of dollars in assets under management
Our client’s internal security team had limited capacity and expertise to perform vulnerability assessments. This caused significant delays in deploying new applications, as the client was unable to detect and remediate vulnerabilities fast enough to maximize the value of new releases. Although it had a small team in place, the client needed additional third-party validation through graybox and blackbox testing. To address these challenges, our client needed a flexible, on-demand delivery model that could scale according to production demand and provide the capacity and expertise necessary for security sign-off.
Increase the capacity and expertise to perform vulnerability assessments.
Leverage third-party vulnerability detection services with a broader range of expertise than the internal team can offer.
Reduce delays in the deployment of new applications.
Softtek was selected by the client due to our long-standing partnership and reputation as a trusted and flexible partner in providing QA and application services. Our security services began in 2016 as a temporary solution to assess 40 applications, but after exceeding expectations in both the quality of vulnerability assessments and remediation opportunities generated, Softtek was engaged indefinitely to provide on-demand graybox and blackbox vulnerability assessments, as well as remediation validation.
Our team delivered assessments in a tool-agnostic way, using the best tool for the job as well as our security professionals’ ability to perform ethical hacking to identify vulnerabilities that machines might miss. The flexible contract also allowed for scope increases as needed, leading to blackbox testing for AWS and an on-site assessment of the client’s Wi-Fi network at two of its large offices.
Technologies assessed: Web apps, desktop apps, mobile apps (iOS and Android), and web services.
Type of vulnerability assessments: Graybox, blackbox, on-site Wi-Fi, and blackbox for AWS.
Services aligned to the following standards: OWASP Top 10, NIST framework, ISO 27001, Six Sigma, as well as continuous internal training programs.
500+ unique applications assessed.
2,500+ vulnerabilities detected and shared with client remediation team.
2-4 dedicated security professionals, depending on demand.
Softtek’s security services provided the client with the capacity, expertise, and flexibility needed to enhance its application security and speed up deployment while avoiding reputational and operational repercussions.
Ability to move applications into production more quickly without compromising security.
Timely detection of vulnerabilities with quality reports, improving decision making.
Avoided costs associated with fixing vulnerabilities after deployment.
Increased customer trust through an improved security posture.