Customer Story
Barratt employees have corporate-owned iPhones and iPads and use applications that are both third-party and developed in-house. Applications are hosted on-premise and in the private cloud. These apps allow mobile workers to feed information into the company’s systems. One of these applications allows the company to build data entry forms for on-site health and safety reporting that can feed that information to an on-premise server. Like many companies today, Barratt Developments is carrying out a digital transformation program incorporating a ‘cloud preferred’ strategy.
With a growing number of workers outside the corporate perimeter, the Barratt team began looking into mobile security solutions to address the broad spectrum of mobile risk and played well with Microsoft tools. They had particular concerns about application vulnerabilities and phishing attacks reaching mobile users, including via SMS, email and social media.
BlueFort’s continuous discovery, validation, and control methodology is closely aligned and augments both the NIST framework and Gartner’s Continuous Threat Exposure Management (CTEM) principles. This focuses on identifying and validating risk factors that are important for the individual organisation and then taking a threat-led approach to preparation, risk reduction and control strategies.
Utilising the methodology, BlueFort’s consultants undertook a technical ‘deep dive’ of Barratt’s mobile threat surface, which gave them clear visibility of all devices connecting to its network. With an accurate technical blueprint of Barratt’s mobile threat surface, BlueFort was able to validate its cybersecurity state, highlighting actual and potential cybersecurity risks and then implement suitable controls.
Barratt Developments has a Security Operations Centre (SOC), which includes industry-leading Security Information and Event Management (SIEM) and Identity and Access Management (IAM) tools to secure corporate equipment and ports. It deployed BlueFort’s Threat Event Stream, which integrates with its SIEM solution.
Positive results have been achieved. One recent report showed that the platform had flagged 1,700 phishing attacks, including PayPal and Apple-branded attacks that users had clicked on. The platform was able to block any requests to these malicious sites, averting a potential attack.
The company conducts phishing training and tests via its SOC and has mandatory cybersecurity training for all colleagues to further improve the company’s overall security posture.
Its Head of security and compliance looks at the Mobile Threat Defence reporting, and provides the business with statistics, and insight on how many threats have been blocked. When it receives notifications for the latest threat, it looks for any relevant statistics and highlights to the business that the tools it uses are protecting them from security incidents people might be seeing in the news.
The company uses an industry-leading VPN solution for their laptops, but they don’t have a need for VPN on mobile as they use MDM tools to manage devices.
Having gone through the initial discovery and validation journey with a comprehensive review of its mobile threat surface and then completing a control phase to secure its mobile workforce, Barratt Developments is now taking advantage of BlueFort’s Evolve program to build out its broader security strategy, ensure all of its security tooling is working together correctly, and dig deeper into other critical areas in its security environment.
The Evolve platform gives BlueFort clients unlimited, on-demand access to industry experts who have gone through the vetting, testing and curation of exciting new technologies; to help organisations cut through the noise of the cybersecurity market, deliver proactive cyber market research, and provide enhanced support.
Barratt Developments is now leveraging the Evolve services platform to go beyond mobile security, working with BlueFort to take the same principles and methodology back to their external cloud surface and internal security environment.
By applying the same continuous discovery, validation, and control journey, Barratt Developments can maintain a dynamic security posture that continuously shifts in alignment with the most critical threats facing the organisation.
© Copyright BlueFort Security Ltd.