Customer Story
The social housing sector is in a state of major flux, and like many organisations, is facing many challenges all at once. While mergers have long been a feature of the social housing sector, there’s been a significant uptick in recent years, with housing providers looking to take advantage of economies of scale, increase efficiencies, and encourage administrative savings in the business.
Abri Homes was formed out of the merging of Radian Homes and Yarlington Homes in October 2020. As a result of the merger, Abri inherited a second IT infrastructure, which included a significant amount of legacy hardware running outdated applications.
As part of the work and services Abri provides, it holds a lot of sensitive information about its customers—data that must be protected in order for Abri to meet its legal and regulatory compliance requirements.
“We just ran a scan. It found everything within an incredibly short amount of time and highlighted some of the historical data that needed to be deleted. It was a huge time saver. It’s basically like having an extra member of your team! The platform is very powerful, very intuitive and easy to use. Partnering with BlueFort was absolutely the right decision for us.”
BlueFort views an organisation’s IT estate through the lens of its continuous discovery, validation and control methodology. This is closely aligned to the NIST framework and Gartner’s Continuous Threat Exposure Management (CTEM) program, which recommends organisations establish regular repeatable cycles to establish consistent, actionable security posture remediation plans, that are easily understood at both a business operations and a technical level.
The initial challenge that BlueFort’s consultants helped Ian Butcher, IT Security Manager at Abri Housing meet, focused on the discovery pillar in the methodology. This meant identifying what assets the organisation had, where they resided, what its security state was, and, importantly for compliance purposes, what urgent remediations needed to be made.
Like many organisations, the true scope of Abri Housing’s attack surface exceeded its legacy vulnerability management approach, so clearly establishing and defining the organisation’s attack surface was also a critical first step; as this represents the most vulnerable entry points potential threat actors might look to exploit.
The discovery process identified all of the IT assets that make up the organisation’s attack surface—even ones that were not currently known or initially visible—uncovering hidden assets, misconfigurations and vulnerabilities.
To put effective controls in place, Ian’s team needed to have a 24/7 understanding of the total IT infrastructure, in order to identify potential and actual weaknesses in Abri Housing’s security posture.
BlueFort recommended an automated penetration testing platform to automate testing across all attack surface layers, by safely emulating insider and outsider attacks. Much more than simply testing security controls, BlueFort’s solution delivers a real-time, hands-on experience, that can assist IT security teams in deciding where to focus their efforts next.
The initial scan identified all assets and vulnerabilities that needed to be immediately remediated, in order for Abri to meet its regulatory obligations.
Abri Housing is now widely using BlueFort’s platform to ensure it has up-to-date validation of its entire security program at a moment’s notice, including security policies, password configurations and critical assets. The primary report used is the black box penetration test, which determines the vulnerabilities that are exploitable from outside of Abri Housing’s network.
Validating and verifying threats facing the organisation, based on the identified and prioritised points of weakness provides a complete, detailed, and realistic view of Abri Housing’s security posture. Validation is about confirming whether there is potential for threat actors to exploit vulnerabilities by analysing all potential attack vectors, based on the tools, techniques, and procedures (TTPs) an attacker might use. It tests readiness for the latest advanced threats, to provide a reliable view of the impact of exploiting each potential weakness. Security assessments are no longer a static annual exercise, but a continuous part of Abri Housing’s cybersecurity posture.
Ian and his team now work with BlueFort through its Evolve program – a cyber services platform that provides flexible and on-demand access to skills and expertise. BlueFort’s industry experts have gone through the vetting, testing, and curation of exciting new technologies, to help organisations cut through the noise of the cybersecurity market, deliver proactive cyber market research and provide enhanced support.
With BlueFort’s automated security penetration testing under control—continuously testing and validating Abri Housing’s security infrastructure—Ian works alongside BlueFort’s consultants to action the threat validation information and remediation recommendations it delivers; focusing on implementing effective controls for the most impactful vulnerabilities facing the organisation as they arise.
© Copyright BlueFort Security Ltd.