Challenge: Achieving accurate asset visibility and prioritizing risks was difficult to accomplish and impossible to maintain over time.
Atento initially faced challenges due to the manual effort required to maintain accurate and current asset and application inventories in their Configuration Management Database (CMDB). This was primarily because they had separate tools for their environment, each with its own dashboard and reporting system. Gathering these reports required hundreds of hours of manual work to collect, consolidate, and generate reports.
Atento recognized the need for real-time asset and risk management. To address this, they implemented Balbix and utilized its AI-powered capabilities to gain comprehensive visibility and prioritize risks. Balbix offered insights into assets, applications, vulnerabilities, and controls across IT, IoT, and cloud environments, segmented by location. This empowered regional CISOs to manage risks more effectively and guide their teams strategically.
Additionally, Balbix provided insights into OS and application versions and patches, including all the applications and systems, streamlining risk management. These changes paved the way for the productive use of our CMDB, enhancing asset tracking and management capabilities.
Solution: Leveraging Balbix and its AI-powered cyber risk management
For risk management, Atento’s security teams relied on traditional vulnerability management (VM) tools to identify vulnerabilities. However, the data often lacked the actionability needed for effective prioritization and risk mitigation, leading to unresolved vulnerabilities. With Balbix, Atento took a proactive approach to vulnerability prioritization and risk reduction.
Utilizing AI and large language models (LLMs), Balbix was able to deduplicate, correlate, and normalize assets and related OS, software, and location data from different tools into a unified dashboard. Every regional cybersecurity and risk management leader now has access to a cyber risk dashboard that provides insights into risks present in their region, empowering them to manage and mitigate risks within their regions proactively.
Furthermore, with Balbix, the security team could prioritize vulnerabilities based on their real-world threats and exploitability while incorporating mitigating controls. Soon after, they decommission their VM scanners to reduce tool sprawl.
Atento’s security team also established benchmarks for risk reduction across different regions, creating a virtuous cycle that reduced the number of vulnerabilities. This led to an immediate decrease in vulnerabilities and improved productivity.
“The success of our efforts was measurable”, stated Luiz Frota. We reduced OS patch times and improved mean-time-to-patch (MTTP) by 67%. Overall, Balbix proved to be a game-changer for the company regarding vulnerability and risk management.” This approach underscores Atento’s risk management process and positions them within the top 10% of the industry.
Leveraging insights from Balbix, Atento also enhanced the functionality of their ServiceNow® CMDB, elevating its accuracy to 98% for hardware, software, operating systems, and their respective owners, significantly increasing the realized value of the CMDB.
“With Balbix, we transformed our CMDB into a vital, highly productive asset for the company,”
Luiz Frota
Luiz also highlighted the strategic benefits of demonstrating and communicating to the management team how risk reduction can impact Atento’s bottom line. With Balbix’s Cyber Risk Quantification (CRQ), Atento was able to report risk in monetary terms and benchmark against industry standards. These metrics proved instrumental in securing the confidence and support of senior leadership and the board for securing future budgets.