
CASE STUDY / INSURANCE

On-demand ethical hacking helps global financial investment and insurance company deploy with peace of mind

Agile Portfolio Evolution | NextGen IT Operations

About the customer

Our client is a leading global financial services provider with a wide range of services tailored to meet the unique needs of individuals, businesses, and institutional clients.

100+ years in the market

Offers retirement plans, life insurance, investment products, and asset management services, among others

Hundreds of billions of dollars in assets under management

Business challenges

Our client’s internal security team faced limited capacity and expertise to perform vulnerability assessments. This caused significant delays in deploying new applications, as the client was unable to detect and remediate vulnerabilities fast enough to maximize the value of new releases. Although it had a small team in place, the client needed additional third-party validation through graybox and blackbox testing. To address these challenges, our client needed a flexible, on-demand delivery model that could scale according to production demand and provide the capacity and expertise necessary for security sign-off.

1. Increase the capacity and expertise to perform vulnerability assessments.

2. Leverage third-party vulnerability detection services with a broader range of expertise than the internal team can offer.

3. Reduce delays in the deployment of new applications.

How Softtek comes into play

Softtek was selected by the client due to our long-standing partnership and reputation as a trusted and flexible partner in providing QA and application services. Our security services began in 2016 as a temporary solution to assess 40 applications, but after exceeding expectations in both the quality of vulnerability assessments and remediation opportunities generated, Softtek was engaged indefinitely to provide on-demand graybox and blackbox vulnerability assessments, as well as remediation validation.

Our team delivered assessments in a tool-agnostic way, using the best tool for the job as well as our security professionals’ ability to perform ethical hacking to identify vulnerabilities that machines might miss. The flexible contract also allowed for scope increases as needed, leading to blackbox testing for AWS and an on-site assessment of the client’s Wi-Fi network at two of its large offices.

Technologies assessed: Web apps, desktop apps, mobile apps (iOS and Android), and web services.

Type of vulnerability assessments: Graybox, blackbox, on-site Wi-Fi, and blackbox for AWS.

Services aligned to the following standards: OWASP Top 10, NIST framework, ISO 27001, Six Sigma, as well as continuous internal training programs.

500+ unique applications assessed.

2,500+ vulnerabilities detected and shared with client remediation team.

2-4 dedicated security professionals, depending on demand.

Business impact

Softtek’s security services provided the client with the capacity, expertise, and flexibility needed to enhance its application security and speed up deployment while avoiding reputational and operational repercussions.

Ability to move applications from production more quickly without compromising security.

Timely detection of vulnerabilities with quality reports, improving decision making.

Avoided costs associated with fixing vulnerabilities after deployment.

Increased customer trust through an improved security posture.
