NetSPI Market Case Studies

Case Study on CUNA Mutual Group

Challenge:

CUNA Mutual Group understands that effectively managing the IT security risks to their organization requires routine penetration testing,

vulnerability assessments, and code reviews to discover, assess, prioritize and mitigate both internal and external threats. Other security vendors had introduced unstructured approaches and poorly documented results that were affecting the company’s over-all security posture, regulatory compliance efforts, IT staff time, and costs.

Solution:

In partnership as a Trusted Advisor under a multi-year agreement, NetSPI delivers an on-going vulnerability management program that includes in-depth penetration testing of CUNA Mutual Group’s environment, code reviews for their mission-critical applications, network

architecture consulting, in-depth PCI consulting, and comprehensive reporting.

Case Study on Carlson Companies

Challenge:

Carlson is required to provide Visa with an assessment of its compliance with Level 1 standards. PCI standards require an in-depth third-party assessment.

Results:

"NetSPI found some gaps in the firewall rules and drove the workflow in making the necessary changes...The results of NetSPI's penetration tests are not typical...They don't just give us a 10,000 foot view, they dig deep, and we are able to act on their recommendations. By the way, they also charge less than other QSA's."

Case Study on Carlson Wagonlit

Challenge:

The company needed to implement a system for testing existing applications, defining security needs for in-house application developers, and communicating those needs in clear, specific, actionable form.

Solution:

CWT started seeing change within days. General statements of goals were converted to specific requirements, enabling developers to code more effectively. CWT has been able to clearly identify areas of vulnerability, prioritize remediation steps, implement fixes, and track the progress of the entire process.

Case Study on Fairview Health Services

Challenge:

Understand all the ramifications of PCI compliance and do an SAQ.

Solution:

NetSPI documented gaps between current practice and PCI requirements, studied how credit and debit card data flowed through the Fairview network, assisted with the SAQ, conducted ASV scans, and help set up a "PCI Island" that limited the the scope of the PCI regulations.

Case Study on Fortune 500 Financial Services Firm

Challenge:

The company needed a qualified third-party to to an independent review of the controls in place to safeguard confidential data.

Solution:

Over the course of our four year relationship with the client, NetSPI has performed a wide range of tests and assessments - internal and external penetration tests, database audits, application security assessments, reviews of firewall rules and network architecture, as well as social engineering exercises to test human security as well.

Case Study on Graco Inc.

Challenge:

Ensure the security of the clients intellectual property as well as the integrity of its operations.

Results:

"NetSPI has done an excellent job understanding risk and compliance and creating usable solutions at Graco. NetSPI has integrated with the Internal Audit group and provided significant value to Graco's IT staff."

Case Study on HealthEast

Challenge:

HealthEast, the largest locally owned heathcare organization in the Twin Cities East Metro, area needed someone who understood the internal and exteral threats to their information security as well as the ability to uncover vulnerabilities in their applications, systems, and technologies.

Results:

NetSPI has undertaken a wide range of project for HealthEast, including risk analysis and a variety of assessments: external, internal, and physical security, PCI compliance readiness, as well as application security.

Case Study on Miner's Inc

Challenge:

Miner's Inc., a regional retailer with 29 grocery stores and two liquor stores, found itself confronting the daunting task of achieving compliance with the new PCI standards. This was particularly challenging for a mid-sized business with an IT staff of just seven people.

Solution:

NetSPI performed a penetration test and gap analysis to see where the company was and where it needed to be. At the same time, the company was considering using ServerEPS, which would remove all the cardholder data from their environment, so NetSPI did an analysis which detailed all the gaps.

Case Study on Minnesota State Colleges and Universities

Challenge:

Minnesota State Colleges and Universities (MnSCU), one of the nations largest higher-education systems, was faced with creating a definitive yet flexible security and compliance framework that could be executed cost-effectively across a range of independent-minded organizations.

Solution:

An on-going partnership with NetSPI covering several initiatives including Strategic Program Review, ISO 17799 Based Policy and Standards Development, Compliance-Based Assessment, and Security Assessment Program Development.

Case Study on Xcel Energy

Challenge:

Xcel Energy Nuclear needed to understand and mitigate the risks that could lead to limiting conditions for operations, total shutdowns, or even contribute to catastrophic events.

Solution:

Since 2002, NetSPI was a key partner of Xcel through ongoing security assessments and the development of its cyber security program. Through its relationship with NetSPI, Xcel has been able to reduce its operations risk and ensure regulatory compliance.