22 Jan Turning cyber resilience into a superpower

Airiam is a pioneering managed resilience provider on a mission to ensure its customers minimize cyber risk and maximize business productivity. Airiam works on the frontlines of cyberattacks to inform their solutions while ensuring customers are hardened against cyberattacks and have built in resilience to bounce back after an incident.

Facing a pentesting skills shortage. Pentesting is central in assessing a client’s resilience to cyberattacks and was part of Airiam’s core managed service offering. The company found itself in a battle for talent, struggling to retain pentesting skills in-house.

When it came to client vulnerability management, they found that most of the available tools were basic and time-consuming. They were simply scanning the client environment, comparing results with a vulnerability list, and flagging discrepancies.

This lacked the detail and nuance needed to convince clients to act on the results quickly and did not empower them to fix “prioritized” issues first. Often, vulnerability scanners are not enough to help keep a company resilient against cyber threat actor attempts to target their environment.

Organizations need to shift their “scan and patch” mindset and look for security solutions that “Find, Fix, and Verify” remediations/mitigations immediately and continuously.

The pentester shortage was having a commercial impact on Airiam, causing them to turn away potential business or outsource to another provider. After hearing about NodeZero, they booked a demo. The client was impressed with how the attack team ensures the product is always at the cutting edge of the threat environment. “The idea of the attackteam keeping everything completely up to date when there’s a new vulnerability (CVE) release while also doing their own POC and building it into the system is a game-changer”.

Initially NodeZero was run against Airiam’s own datacentre which hosts several of their clients, and compared the results to the previously tested automated solution. He found that NodeZero’s results were more specific and relevant to his environment. “NodeZero was a lot more thoughtful, and it’s fix actions were incredible.”

Since deploying NodeZero in its own managed client environment, Airiam has achieved a 50% reduction in outstanding vulnerabilities across their managed customer base. Some of the lower-level vulnerabilities that remain are due to legacy networks or applications, meaning that clients are unable to easily address them. However, in this case, NodeZero enables Airiam to show the client that it has identified the low-level vulnerabilities and suggest defenses such as segmentation so a known vulnerability cannot be exploited.