TARA Client Success

Case Study

Global Manufacturing Firm

A Michigan-based manufacturing firm struggled with addressing the risks associated with software vulnerabilities at facilities around the globe.  As scanning operations ramped up, it was apparent that there just were not enough hours in the month to keep up with all the findings.   

Targeting the Riskiest Vulnerabilities

Using the TARA platform, the client gained insights to the riskiest vulnerabilities regardless of the ranking assigned by the scanning technology. Using a “typical” monthly scan result pulled from the client environment, 30,000 vulnerabilities represent a much different outcome when managed with TARA.

Traditional Approach

  • Focuses on Critical and High vulnerabilities
  • 9,100 must be patched each month
  • Addresses 40% of overall risk
  • Some of the riskiest vulnerabilities (medium) are never reviewed

TARA Risked-Based Approach

  • Targets about 1% of total vulnerabilities for patching
  • 250 must be patched each month
  • Addresses 70% of overall risk
  • Highlights riskiest vulnerabilities for immediate remediation

Client Results

The outcome was startling, and the insights provided by TARA reduced mitigation workload by 97%… dramatically improving risk coverage.  Another interesting revelation was the high percentage of Medium (CVSS) vulnerabilities that had high risk scores.  Nearly 60% of the riskiest vulnerabilities were under a medium risk designation when ranked by the vulnerability scanner. On an average month, using the “Traditional” approach…55 of the riskiest vulnerabilities (medium) will never be reviewed or mitigated.

0%

Reduction in Mitigation Workload

0%

Riskiest Vulnerabilities Classified as Medium

+0%

Improvement in Risk Coverage over a Traditional Approach