Threat Modeling

For a Financial Company


A fast-paced financial company needed a complete picture of the risk exposure and other vulnerabilities in their environment. They had had multiple penetration tests done previously but desired a structured security approach that maps attack vectors and breaks them down into effects on business assets versus processes.

The company engaged RedLegg’s Penetration Testing Assessments solution, part of the Application Security Program that builds security into all phases of the SDLC. Threat modeling is the second stage in RedLegg’s standard penetration testing methodology, which includes identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed proactively. Companies in regulated industries rely on this methodology to prove due diligence and ensure compliance.

Through the determination of risk and exposure to vulnerabilities, threats that were previously hidden were identified, rated by severity, and remediated. RedLegg then supplied a custom remediation plan that enabled this company to neutralize future threats.

Visibility to these threats and protecting data in accordance with regulations across a growing business is critical to maintaining robust, streamlined operations. RedLegg advises and assists with locking down endpoints and user rights, placing security controls at the most effective points, training on security best practices, and increasing threat and log monitoring. With RedLegg Managed Security Service, this financial company improved its cybersecurity posture and quickly acquired the confidence required to provide consistently secure services and transactions for its customers.