Global Network Hardware Provider Shortens its Security Defect Life Cycle by ~20% with Secure SDLC

Customer Overview

• A leading global provider of next-generation network access solutions
• The client was facing the challenge of increased security defects and longer resolution times for customers, impacting roadmaps and customer support groups

Business Challenge

The existing processes did not take into account security best practices for the roadmap, design, and deployment phases of the SDLC. This was also primarily hindering the company’s need to align to NIST 800-53/ISO 27001 guidelines and strict requirements for FISMA and FEDRAMP.

Our Solution

Our collaboration with the organization was to conduct a detailed security review, propose enhancements, and provide implementation guidance so as to strengthen the security posture of the organization with respect to SDLC processes, keeping in mind NIST and FEDRAMP requirements. We also helped address their software supply chain security concerns by conducting a risk assessment covering processes that interact with their Original Design Manufacturers and recommending appropriate enhancements.

• Security Architecture Review: Reviewing security architecture process based on secure SDLC and DevSecOps while identifying access control, data encryption, code access, deployment checks, and other security gaps in architecture used for development.
• SDLC Process Assessment: Assessment of SDLC processes in the entire SDLC life cycle from roadmap planning, design, development to deployment considering both technology as well as people risks.
• DevOps Review: Reviewing security automation for integration of security testing tools, CI/CD, reviewing version control for config management, config security, and process for code and image security. Strong recommendations, tools review, effectiveness of anomaly detection and incident response mechanisms.
• Assessment based on C2M2, Supply Chain Risk Assessment: Assessing the security of third party engagement with the organization using guidelines from CIS CSC, CMMC, NIST 800-171, and SSC Lite standards.

Business Value Delivered

• Faster Delivery Cycles: With the automation of new security checks and tasks, the bottlenecks caused by manual security testing in the end of the development lifecycle were eliminated leading to faster developer and deployment cycles. Security defects got fixed ~20% faster than earlier.
• Reduced Costs: Catching security vulnerabilities early in the development cycle is significantly cheaper than fixing them after a product is released.
• Proactive Threat Detection: The new DevSecOps strategy incorporates threat modeling and addition of security features early on in the feature design phase. This proactive approach will help identify and address security issues before they are even coded or committed.
• Continuous Compliance: The strategic transformation now ensures compliance with FISMA, FEDRAMP, PCI-DSS, and other applicable regulatory standards automatically as part of the development life cycle processes.
• Supply Chain Security: The supply chain risk assessment brought out remediations that help address espionage and data leakage concerns from a long-term perspective.

The Result

Quote from the CISO: “Partnering with Eximietas Design was crucial in strengthening our security posture and aligning our processes with industry best practices. Their comprehensive assessment and strategic recommendations not only reduced our security defect life cycle by ~20% but also ensured continuous compliance with critical regulatory standards. The proactive approach to threat modeling and supply chain risk assessment has given us the confidence to deliver secure and reliable network access solutions to our customers.”