Issue:
The construction industry impacts our daily lives and drives trillions of dollars of spending in critical infrastructure, roadways, sporting venues, and other projects. This XM Cyber customer not only designs and builds but also provides financing for and operation of major projects.
A recent project in mass transit and international sporting events gave the security team a compelling reason to focus on their Threat Exposure program. Because of the global collaboration and the distributed nature of the projects, their on-prem and cloud infrastructure created complexity that could be leveraged by an attacker. The critical nature of the projects further increased the need for a robust exposure management program.
Action:
The Global Director of Information Security saw XM Cyber and the battleground screen at an event. He was curious to see how this display could help his team visualize attack paths, show the impact of remediation efforts, and streamline their exposure monitoring program.
During a PoC to ~1k endpoints, XM Cyber helped the security team uncover assets within the global headquarters that were exposed to an attack. On this server was critical data for multiple existing projects, including a mass transit line and a critical infrastructure facility. The Security team used this as evidence to expand the XM Cyber deployment to the entire business unit within the global enterprise as the next step to a complete rollout enterprise-wide.
Outcome:
Once deployed to the business unit, the Security team performed a comprehensive risk assessment and identified more areas where critical project data was exposed. The team noted an aggregate risk score of a 70 out of 100, barely a C on the grade scale. This further highlighted the need to invest in their remediation program. Within 30 days of the deployment, the risk score jumped 15 points to an 85, with more to come.
The XM Cyber Continuous Exposure Management Platform uncovered risks their current VM tool did not, including multiple AD exposures in one location, that upon further analysis, were also present in other locations. Being able to demonstrate the before and after scoring to the executive leadership team helped prove the value of the platform.
Moreover, despite the PrintNightmare vulnerability being several years old, XM Cyber was able to find multiple unpatched machines that allowed for a successful attack. This highlighted additional areas where their current VM tool failed to deliver as needed.
Because the XM Cyber platform mirrors the environment, the Security team could simulate attacks within and between HQ and remote sites without putting production systems at risk. The team took advantage of this to put greater effort into shoring up key facilities ahead of a marquee project planned for a 2026 completion date.
The construction business unit has socialized their XM Cyber success within the entire business and has received multiple requests to present to their Security teams on how it could work in their environments.
){kind=icon}
){kind=icon}
){kind=icon}