Case Study

How London Business School utilized Hadrian’s rapid risk discovery and context

Education | London, UK

Challenge

Established educational institutions rely on technology that needs modernization.

The rise of online learning has forced universities to move many operations online and thus expand their attack surfaces. 

LBS wants to leverage the benefits of the latest learning technology without exposing its infrastructure to unnecessary risks.

Having a more proactive approach to digital security has become a priority.

Solution

Hadrian provided LBS with a real-time understanding of its digital infrastructure by mapping all of their internet-facing assets.

Hadrian produced detailed insights into how assets were interacting with each other across networks and departments, including how risks could propagate between assets.

Hadrian found previously unidentified risks and removed false positives with continuous machine learning.

Hadrian’s robust risk insights and remediation instructions were integrated into LBS’ security workflows.

lbs-logo

About LBS

The London Business School (LBS) was founded in 1964 and is consistently ranked as one of the top business schools in the world. In the past two decades it has expanded both globally and digitally, counting 2,300+ students yearly from more than 170 countries.

Business school

Top Rank

Yearly students

2.300+

Countries

170+

Outcome

Building a Real-time Asset Inventory with Attack Surface Management

With just the initial 20 root domains LBS provided during onboarding, Hadrian discovered 1000s of additional domains and assets. Hadrian platform analyzed the findings and immediately deployed a wide range of relevant follow-up tests. The tests identified critical risks.

With Hadrian's asset analysis and remediation instructions, LBS was able to proactively patch most of the risks on the same day.

Hadrian’s event-driven platform continued to inform LBS multiple times of newly-found assets and risks over the coming months.

Group 3901

Assets found

20,000+

False positives removed

23

Critical risks found

6

Extracting Asset Context to Improve Risk Understanding

Hadrian uses public data and its own reconnaissance to gain the necessary context on each asset. Context increases testing efficiency and helps Hadrian identify high-risk areas.

For example, Hadrian discovered that a server load for a scheduling program was balanced across 2 different IP addresses. The need for 2 IP addresses indicated high traffic. The program was prioritized for testing as frequent use indicated that compromise would impact a large portion of LBS personnel.

lbs-diagram

"Event-driven testing saved us time and energy with targeted tests that leveraged insights collected in the discovery phase. The complexity of attacks which unfolded impressed us with their similarity to the cleverness and creativity of living, breathing cybercriminals."

London Business School

Leveraging an Event-driven Architecture to Optimize Testing Efficiency 

Hadrian’s event-driven architecture allowed LBS to access targeted and complex testing. Modules are essentially ‘hacking tools’ that perform different jobs such as Fingerprinting, Passive risk database lookup, and other complex tasks. They are deployed in sequence and in parallel, with past insights or ‘events’ triggering the deployment of specific additional modules. The modules constantly exchange data between them as they investigate target infrastructure, replicating the workflow of a human threat actor.

Modules that collected context regarding LBS’ assets triggered specific testing modules. The focus on targeted testing meant continuous security validation could run efficiently and without overburdening LBS’ IT infrastructure.

In the case of LBS’ scheduling program, Hadrian considered the context and deployed a hacking module that ran tests known to reveal risks on similar assets. The test revealed a cross-site scripting vulnerability.

Machine Learning Reduces False Positives

Hadrian’s machine learning modules provide context and insights between assets. To ensure LBS didn’t waste time chasing a false positive, Hadrian utilized decision-based probes that were facilitated with up-to-date vulnerability checks, as well as AI-based false positive detection. The result was a remediation recommendation that seamlessly integrated into LBS’ SOC workflow.

Hadrian will continue to deploy relevant tests and provide in-depth risk insights. Thanks to Hadrian and LBS’ dedication to protecting its security posture, LBS can realize its modernization and expansion goals, while having one source empowering the analysis of its digital risks.

event-graph

"Hadrian went a step beyond other ASM tools by guaranteeing that the insights they provided aligned with our current concerns and needs. We were able to remediate risks quickly and effectively without wasting resources."

London Business School