US Utility Co.

Improving MTTP and Reducing Breach Risk by Over Half

With Balbix, a US Utility could inventory all their assets, continuously analyze for vulnerabilities, and establish a standardized patching process, reducing their MTTP.

The Challenge

Due to the complexity of the environment and the difficulty in satisfying regulatory and compliance requirements, the IT and cybersecurity teams were at risk of suffering consequences such as:

  1. Regulatory censure resulting in an adverse perception of the organization, in the eyes of key stakeholders and customers.
  2. High breach risk due to complicated and inefficient processes related to cyber risk reduction. The organization encountered challenges in reducing MTTP to the desired levels.
  3. Lower ROI for security initiatives due to manual effort, operational inefficiencies and sub-optimal productivity.

The Pain Points

As a senior executive responsible for managing cybersecurity put it:

“Due to multiple tools that were engaged for inventory and vulnerability management, we lacked overall visibility into our cybersecurity posture and had a poor understanding of the breach risk. In short, finding a cybersecurity solution to manage this complex environment was a challenge.”

Enter Balbix

With Balbix, this customer was able to:

  • Get an accurate inventory of all their assets, including devices, apps, and services, both managed and unmanaged, on-premises and in the cloud, fixed and mobile, that was automatically updated in real-time.
  • Continuously analyze each asset across 100+ attack vectors to identify vulnerabilities, making risk identification and mitigation workflows much more efficient.
  • Identify business mission-critical assets and prioritize critical CVEs.
  • Gamify their processes, which helped them establish a standardized patching process that significantly reduced their MTTP.

Asset Inventory

Balbix sensors were deployed on the endpoint systems and major networks to collect inventory and risk-associated information. With Balbix’s AWS connector, it was possible to extract and consolidate inventory data from the AWS inventory. This helped the customer establish a baseline inventory in accordance with organizational policy. It also helped them search for and track mission-critical assets and provide a unified view of both on-premises and cloud assets.

Vulnerability Management

Balbix continuously discovers and prioritizes emerging vulnerabilities based on risk, incorporating information about vulnerabilities, threat levels, asset exposure, security controls, and business criticality. Accompanied by dashboards with powerful search capabilities, Balbix enables stakeholders across the organization to quickly identify risk areas.

A few critical use cases that helped the customer significantly reduce their risk include prioritizing CVEs and assets based on risk. The tag capabilities also helped the customer address some of the CISA-related CVEs that needed to be addressed on priority from the compliance perspective. The identification of misconfigurations and acceptance of risk at various levels helped monitor the risk more efficiently. Balbix’s highly automated end-to-end vulnerability management solution has helped the customer continuously discover and analyze breach risk