Insufficient capacity to identify threats

‍Hawke's Bay Regional Council (HBRC) manages the region's air, land, water, and coastal resources. With 300 employees working from all over the area, this local government agency is passionate about creating a healthy environment, a vibrant community, and prosperous economy.

With the increase in high-profile security breaches throughout New Zealand in 2022, the council is aware of the need to keep its networks secure. They use penetration tests periodically to test the security posture of their external assets. But with penetration tests’ high cost and long delays to get one underway, the council needed to consider options to improve their understanding of their external attack surface.

Rob Simpson, the Network Architect at HBRC, was tasked with solving this problem. Being responsible for security and networks, Rob knew he didn't have time to go threat hunting. His main priority was to find a solution that presented the main weaknesses in an easy-to-use format that he could remedy. Solutions needed to focus on founded threats rather than providing long lists of unproven items.

Rob was introduced to Glasstrail via inter-council networking.

‍

Automating vulnerability identification cuts through the clutter‍

Rob started a free trial of Glasstrail alongside a trial of a vulnerability scanning solution from a tech giant.  

With the results of the Glasstrail trial available within an hour of entering the seed domain, Rob was pleased to see the results in a clean, ordered dashboard. It directed him clearly to where he needed to focus his remediation efforts and he wasn't swamped by a long list of proven, unproven and theoretical threats. In contrast, the other solution he tested was overly complex, with details presented in a hard-to-digest format, leaving an unworkable target.

Rob comments: "When security is just one part of your role, working with overly detailed vulnerability scanners that list a threat tsunami is impossible. Glasstrail directs me to where I should focus my attention – on the most critical weaknesses."

‍

Creating a threat baseline

Rob is delighted with how Glasstrail is working for the council.

Since working with Glasstrail, Rob has addressed issues one by one, giving time available to those with the highest risk first. With this systematic approach, he has created a baseline, to then identify new issues and proactively address them as they crop up.

Rob comments: "Working with Glasstrail is a highly productive use of my time. As a security practitioner, I'm not chasing shadow threats or edge cases, wasting precious time. I'm working on real vulnerabilities that we previously had no idea about. Using Glasstrail, I'm confident that we’ve greatly reduced the blind spots in our external attack surface!"

‍

‍