The problem
As part of their routine maintenance processes, the healthcare organization engaged a security testing company to give their platform a check-up. During a standard penetration test on a critical web application, the testers uncovered a major flaw. Solving the problem without massive disruption to the service seemed impossible. Blocking exploit traffic with a WAF wasn’t technically feasible. Code remediation wasn’t commercially realistic. And redeveloping the app to fix the flaw would be a six-month, multi-million dollar slog.
They had two choices: accept the risks the flaw presented and find ways to mitigate the impact, or take the application offline to undergo expensive redevelopment. Both approaches were non-starters.
The solution
Together, the healthcare organization and the security testing company shared details about the flaw and exploit methods with the RedShield team. RedShield understood
their apprehensions about taking the app offline, and their reluctance to dent their budgets on a redevelopment. So RedShield came up with a way to avoid both.
RedShield proposed a customized application stateful logic shield to address the flaw. The security testing company concurred, and the organization agreed to move ahead.
To avoid any disruption, the organization reengineered their business process, and redirected their application test and development traffic to the RedShield cloud node.
With continuity locked in, RedShield applied, tested, and deployed the stateful logic shield–all in just one week, and all for less than $27,000. After the solution was thoroughly
and successfully tested, the RedShield team rolled it out across pre-production and production environments.
The results
With the application vulnerabilities vanquished, RedShield’s outside-the-box thinking meant the organization extended the life of a key web application with no business disruption. And, they did it for significantly less than redevelopment would have cost.
In addition to savings, the RedShield solution spared the organization from time-consuming testing, complex business process reengineering, new system training, and
inconvenient migration outages.
Today, RedShield continues to stand guard:
- Monitoring the organization’s tools and system 24/7
- Auditing the application defense weekly
- Responding to customer queries and application updates
- Providing monthly analyst reports
“27k for RedShield to remediate application vulnerabilities that were beyond the
capability of our WAF and would have required millions to redevelop the app—the
choice to go with RedShield was a no-brainer.”
— Health Organization Executive