Case Studies - How RedShield Protects Critical Web Apps

Shielding Security Flaws 12 Months Ahead of Patch Release

Written by RedShield Security | 11/11/2020 12:15:00 AM

The problem

As one of the largest energy providers in the country, this utility company kept the personal financial information of millions of customers on an industry-standard framework.
When a routine security audit exposed multiple flaws, the company of course turned to the original framework vendor. But because other customers utilizing the same framework weren’t experiencing the same problems, the framework vendor deprioritized the utility company’s issues. They could provide security patches—but it would take a full
year. In the meantime, they said, the utility company would just have to wait—leaving their customers’ data at risk. It was an unacceptable solution. That’s when the utility
company reached out to RedShield.
 

The solution

In just two weeks, the RedShield team designed and deployed individual shields to address each issue. After comprehensive testing showed the solution was thoroughly effective, RedShield moved to full deployment within four weeks.
 
During a retest to confirm the effectiveness of the shields, RedShield detected additional security issues that hadn’t been noted in the initial audit. RedShield jumped back into action, immediately developing and deploying new shields to address the newly detected issues.
 

The results

Before partnering with RedShield, the utility company’s only option seemed to be leaving their customers’ personal financial data exposed to potential attack for as long as 12 months, while they waited for the framework vendor to develop the needed security patches. Fortunately, the RedShield web application shielding solution mitigated the risks as well as patching would have, in a fraction of the time.
 
Today, RedShield continues to stand guard:
 
  • Monitoring the utility company’s tools and systems, 24/7
  • Auditing application defenses weekly
  • Responding to any customer queries and application updates
  • Providing monthly analysts’ reports

“Having to wait 12 months for a patch to address critical security flaws in a key system was frankly unacceptable. Once again, RedShield was able to address the business problem.”
—Utility Company Executive