ICT Group

Challenge

1. More Visibility - ICT Group already had mature internal vulnerability scanning tools that were able to assess known assets. But, the security team also wanted to test unknown vulnerabilities and emerging exposures.
2. ‍Geopolitical Landscape - ICT Group’s threat landscape is quite extensive, as their clients are targeted by many different state-sponsored threat actors. With a diverse range of assets to protect–finding and remediating threats is a key objective.‍
3. Security Stakeholders - ICT Group manages security across many internal and external stakeholders, including business unit leaders and potential partners. Deeper coverage ensures transparency into its security posture and ongoing optimizations were critical.

Solution

• Hacker Perspective - ICT Group gained full visibility into its attack surface with Hadrian’s internet-wide scanning tooling and expanded the scope of their discovery. This ensured all assets were continuously monitored and tested, shoring up any vulnerabilities.
• Proactive Remediation - ICT Group utilized Hadrian’s continuous attack surface monitoring and automated threat detection to proactively identify and remediate risks, further strengthening its mature defense against state-sponsored threats.
• Full Transparency - ICT Group has clear, real-time insights into its security posture with Hadrian’s reporting and risk-tracking capabilities. This transparency enables stakeholders to understand risks, track progress, and continue to make informed security decisions.

Outcome

Expanding Visibility Of The Attack Surface

ICT Group serves clients in high-risk industries, making them prime targets for cybercriminals. The organization desired to expand their visibility across its extensive attack surface. Compounding this, ICT Group has over 1,500 engineers and developers who are required to make changes and spin up new servers to deliver for ICT Group’s customers. Their security team used vulnerability scanning tools to assess their known assets. However, ICT Group had its eye on eliminating any possible blind spots, which meant assessing their unknowns as well.

To address this challenge, ICT Group turned to Hadrian for real-time attack surface monitoring with internet-wide scanning capabilities, giving ICT Group automated and real-time visibility into their digital infrastructure. Hadrian’s event-driven architecture instantly detects any change in the attack surface and automatically tests for emerging security issues, ensuring that all assets are continuously monitored and tested for vulnerabilities. 

Strengthening From The Outside-In

As ICT Group’s clients face increasingly sophisticated cyberattacks, including supply chain attacks from state-sponsored threat actors, the organization’s highest priority was customer integrity, beginning with protecting a diverse and extensive range of digital assets. The sheer scale and complexity of the assets they must defend make this a daunting challenge for any organization. However, ICT Group recognized this as well as the risk posed by nation-state actors, which amplifies the desire for a further reinforced security posture. 

Kelvin Rorive, CISO at ICT Group, was formerly Head of Red Teaming at a major bank and understood the importance of postural deterrence of cybercriminals. With Hadrian, ICT Group was able to fortify its strong defenses by identifying exploitable points in the attack surface, allowing them to proactively secure their infrastructure. Additionally, Hadrian discovered opportunities to harden external-facing assets, such as unmodified or exposed systems. By remediating risks with speed and automating their discovery stage, ICT Group was able to reduce the likelihood of becoming a target. The quality of risk detection provided by Hadrian gave ICT Group’s security team confidence that they could effectively replace their existing vulnerability scanner and still be able to see everything that threatened their organization.

{{ quote-1 }}

Transparent Security Optimizations

ICT Group faced the challenge of managing security across a diverse range of internal and external stakeholders, including business unit leaders and potential partners. Business unit leaders needed clear communication and accessible reporting on security risks affecting their departments so they could assist with remediation. Meanwhile, potential partners relied on security rating services like BitSight to assess ICT Group’s security posture before engaging in business. To demonstrate enhanced security and justify such an advanced cybersecurity posture, ICT Group required transparent reporting and measurable progress indicators.

ICT Group leveraged Hadrian’s reporting and risk-tracking capabilities. Hadrian's role-based access controls and Secure Share tools make it easier for stakeholders to know potential risks, track progress, and stay alert about continuous optimizations. This transparency was further validated by measurable enhancement in ICT Group’s Bitsight Security Rating, which increased from Intermediate (640–730) to Advanced (740–900) after implementing Hadrian. By demonstrating concrete security gains, ICT Group can continue to act with confidence, further streamline their decision-making, and justify continued investment in cybersecurity.

{{ quote-2 }}