Cymulate BAS for Assuta Medical Center

Additional information

Source: Web-site of vendor

The project has been delivered on schedule

The budget has not been exceeded

Functionality complies with task

Description

Challenge The fear of a cyberattack is real. The hospital’s security officers live with that fear every day because they know cyberattacks happen every day. So far, Assuta has evaded such a devastating attack on its information system. But in the past, Tamir Ronen, Assuta’s Chief Information Security Officer, hired penetration testers to test his system for vulnerabilities. However, the labor costs were significant and the actual testing took a long time. On some occasions, Tamir had to wait for the assessment results and reports to be delivered. When a test was completed, a meeting with Tamir’s staff and the penetration testers was required to resolve the findings and root out any “false” results. And, finally, Tamir’s staff would have run its own tests to double-check the findings of each report. The whole process was labor intensive and time consuming.
Imagine Tamir Ronen’s surprise when he learned from Cymulate that the entire security assessment procedure could be accomplished much more quickly through on-demand simulation.
Solution
Cymulate’s SaaS-based, on-demand Breach and Attack simulation platform keeps Assuta one step ahead of cyber attackers 24 hours-a-day, every day of the year. The platform not only assess against the latest threats and most advanced multi-vector attacks—it also delivers an immediate and complete picture of Assuta’s current security posture.
The platform uses an offensive approach and defensive tactics to simulate multi-vector cyberattacks from an attacker’s perspective, revealing critical vulnerabilities before exploitation from real attackers. After a simple implementation that required no labor from its own staff, Assuta had the ability to perform simulated attacks to reveal security exposures through email and Internet browsing.
Results
Tamir Ronen works through the Cymulate main portal where he can pick and choose what type of attack, he wants to spring on any of his security solutions at any time. He generally conducts tests on each once a month. “But each time there is a global virus attack campaign that is spreading, Cymulate immediately gets a sample of it and we can test its effect on our network immediately,” he said. “It’s a really big benefit. You can test it before it comes to you.”
Tamir notes that Cymulate has more than satisfied his main objectives by conducting penetration testing automatically through simulation. “It’s not only money,” he said. “It’s time.” He said hiring manual penetration testers to conduct a test would take several days or more. Now he said testing can take place on-demand and only takes an hour, maybe less. The fixes, he said, are illuminated immediately.
“Using Cymulate, I was able to find out that several of my security products were not configured as I wanted them to be,” Tamir said. “I discovered I had several vulnerabilities based on the misconfigured products. Once everything was configured correctly, I tested the system again using Cymulate. And the security hole within my network was eliminated.”

Details

Business tasks

Ensure Security and Business Continuity

Reduce Costs

Manage Risks

Improve Customer Service

Problems

Shortage of inhouse IT resources

High costs of IT personnel

Risk of data loss or damage

High costs

Insufficient risk management

Unauthorized access to corporate IT systems and data

Poor timing of management decision making

Low quality of customer service