Key Business Needs:
Lattice Engines sought a comprehensive vulnerability management solution to help its two-person IT security team reduce exposure of its cloud-based network.
Lattice Engines utilized SecurityCenter Continuous View™ (CV) to identify and assess threats across its entire cloud environment to quickly remediate critical issues, virtually eliminating exploitable vulnerabilities in Lattice’s publicly exposed systems.
Lattice Engines is the leading provider of predictive marketing and sales cloud applications for businesses of all types.Headquartered in San Mateo, CA, the SaaS company provides marketers with 360 degree views and insights about their end customers, enabling them to increase qualified pipeline and conversions by scaling their account-based marketing programs to their top target accounts.
Walter Williams, director of security and compliance, leads Lattice’s information security and compliance efforts.He and a security engineer handle a wide variety of day-to-day activities, including managing incident response and disaster recovery, maintaining all required certifications and audits, handling security inquiries from customers, pushing through information security program enhancements and much more.
Seeking Continuous Visibility and Compliance Reporting
On its website, Lattice affirms its brand promise to “provide a precise view of your customers.”But since Lattice’s own customers want assurance about the security of its SaaS offering – and confirmation that it manages security events effectively – Lattice needed a precise view of its own cloud environment.
“One of our biggest priorities is making sure our customers have the tools they need to effectively manage their marketing and sales programs, and compliance is a big part of that,” said Williams.
In 2014, Williams set out to improve and automate Lattice security and compliance reporting processes.The goal?To help his small security team keep up with the dynamic threat environment and ensure ongoing compliance with key industry benchmarks, including the ISO 27001, SANS Institute CIS Critical Security Controls (CSC) and Security Organization Controls (SOC) 2 Type II.
“The state of California requires that we implement the CIS Top 20 controls as a minimum set of standards so we are not liable for negligence in the event of a data breach.We also have SOC 2 reporting requirements, so we must be able to report on the consistency of our control set over time,” he explained.
Consequently, Williams set out to find a security provider with a next-generation approach to vulnerability management – one that could deliver an enterprise view of the network, including continuous visibility and incident analysis to help the security team quickly identify and remediate critical issues.Lattice also needed to facilitate compliance reporting to customers, auditors, state regulators and company executives – including creating weekly security status and compliance reports for its C-level and board.
The Tenable Solution
Williams was familiar with Tenable and a competitor, which both offered enterprise-class vulnerability management platforms with many of the capabilities he was looking for.After carefully comparing both companies and their products, as well as other companies in the same space, Lattice chose Tenable and its SecurityCenter Continuous View (SecurityCenter CV™) platform, integrated with the Nessus® Network Monitor, Log Correlation Engine and Nessus, the world’s most widely deployed vulnerability scanner.
This comprehensive solution delivered near real-time visibility into network traffic and critical context, as well as log event analysis and compliance reporting – and, according to Williams, a lot more.
More Features and Capabilities
“We looked closely at all of the offerings, and found that Tenable is more stable and provides many more capabilities, including automated compliance reporting, more scanning options and flexibility, and better integrations with third-party applications and tools,” he said.“And unlike many of its competitors, Tenable offers built-in controls that help us report on our compliance status against a variety of industry benchmarks.”
Williams also noted that Tenable proved to be an excellent fit for Lattice’s cloud-based delivery model, enabling his team to quickly deploy in the cloud and begin scanning right away.“We didn’t have to spend time in the weeds configuring and managing the product,” recalled Williams.“We could start using it from day one, without the need for a lot of backend configuration work, to quickly get an analysis of what was going on in our environment.”
Reducing Exploitable Vulnerabilities to Zero
The Nessus Network Monitor provides continuously visibility into network traffic and log event data.It eliminates blind spots across Lattice’s network by continuously finding and tracking users, applications, cloud infrastructure, trust relationships and vulnerabilities, with full asset discovery.And since deploying the Tenable solution, the results have been dramatic.
“We've seen a big reduction in vulnerabilities – we now have zero exploitable vulnerabilities in our publicly exposed systems, which we just validated in a network penetration test,” said Williams.“That’s probably the most important number – zero.”
He noted that unlike many competing products, Nessus Network Monitor serves as an integrated network intrusion detection system, with the ability to scale to any segment in the Lattice environment.“That’s a level of visibility into ongoing events that SIEM products don’t traditionally provide,” he added.
Collecting, Analyzing and Managing Data
Since implementing the integrated SecurityCenter CV platform, Lattice has gained a real-time, comprehensive view of all network activity, assets, web applications and events through both active scans and passive monitoring of all network traffic.In addition to identifying vulnerabilities, threats and compliance gaps across Lattice’s environment, Tenable delivers critical context to help the Lattice security team quickly assess and remediate the most urgent issues.
“Ours is a very active environment and we collect a lot of information, and SecurityCenter CV has allowed us to gather and leverage all of that data in an effective and manageable way,” said Williams.“We can automate our security procedures and proactively examine and address vulnerabilities in our environment, which is crucial for protecting our networks from major security vulnerabilities and bugs.For example, when Heartbleed was announced a few years ago, Tenable helped us identify all systems that were vulnerable, which allowed us to proactively push out a fix to that issue.”
In addition, because Tenable integrates with leading third-party solutions, Williams and his team can analyze and report on other vendor products and applications on its network.“SecurityCenter CV lets us see all activity on our network, including which cloud services are being used by the different business units, so we know no unauthorized activity is going on – it validates that our security solution is working as expected,” he said.
The security team uses Assurance Report Cards (ARCs) to measure, analyze and visualize Lattice’s security posture.They can see how each security policy maps to corporate objectives, enabling them to identify gaps and report relevant results in an intuitive report card format to company executives.And because ARCs are easily customizable, Williams has tailored them to Lattice’s specific goals and objectives – and is using them to drive improvement.
Automated Compliance Reporting
SecurityCenter CV is also helping Lattice ensure compliance with multiple industry standards and regulations – and providing the automated compliance reporting capabilities Williams was looking for.
“Our main business priority, from a security perspective, is that our customers want to know if we are in compliance with ISO, the CIS Top 20 and other frameworks and controls, and if we are effectively managing security events to reduce cyber threats and attacks,” Williams explained.“We have a story to tell, and Tenable reports and dashboards help us address customer concerns, and ARCs help us measure how well we're doing.”
“Since deploying the SecurityCenter CV platform, the value of the compliance support we’ve received has increased by leaps and bounds,” said Williams.“The ability to have visibility against compliance frameworks like CIS Cisco System Hardening, NIST, ISO 27002 and others, and seeing what we need to address, is extremely critical to us and is part of our weekly metrics reporting to our C-suite and Board.”
Delivering Assurance and Peace of Mind
Williams is not only satisfied with the measurable results Tenable and its industry-leading products deliver, but also the peace of mind they provide.“SecurityCenter CV is both an event management platform and a vulnerability management platform, and by automating both processes, and providing unparalleled scale and visibility, Tenable enables our small staff to maintain a very secure and responsive security environment.”