Challenge

Hertz Israel, the Israeli franchise of Hertz Company, is owned by Mayer’s Cars and Trucks Ltd and has 60 sites throughout the country. With a small security team, CISO Ariel Kashir outsourced threat monitoring but recognized that annual penetration tests only provided a point-in-time snapshot view of the Hertz Israel security. He knew that proactive security needed a more continuous approach to seek out gaps and improve defenses before the next attack.

Like most security teams, Hertz Israel did not have the internal resources to manually validate its security controls on a regular basis. Additionally, the security team often lacked visibility to changes in the IT infrastructure and applications that could cause security drift.

Although Ariel was not looking for a continuous security validation tool, he recently invested in a new security control and decided to conduct a POC with Cymulate to see if the control was integrated and tuned correctly.

Ariel recalled, “When I ran the Cymulate assessment against my newly configured security control, I discovered that it wasn’t monitoring or mitigating threats the way I expected it to. I realized then that I needed a solution like Cymulate to independently validate Hertz’s security.”

The Cymulate Solution

Hertz utilized the Cymulate platform by focusing on each of its security controls, one by one, and assessing, optimizing, and validating their efficacy. Within 4 months, after the security team configured a new firewall and finetuned its web application firewall, endpoint, and email gateway, the team reduced its cyber risk by 81%.

After seeing Hertz Israel benefit from Cymulate, Mayer’s Cars and Trucks Ltd also purchased the Cymulate platform.

Ariel explained that Hertz uses Cymulate to:

Continuously validate its security controls
“We don’t have the budget or resources to run pen tests after every update to security controls. With Cymulate, it takes less than 30 minutes to run assessments and understand if the control is actually protecting your organization. It’s like having an in-house pen tester at your fingertips.”

Take an “assume breach” approach to security
“The Cymulate Hopper capability allows us to understand what can happen if an attacker gets through our defenses and into our network. When we ran the initial Hopper assessment, our risk score was 100/100, and after a short period, we worked to get our score down to 2/100.”

Baseline risk and monitor security drift
“Now that we have visibility of our security controls, Cymulate enables us to create a baseline and receive alerts whenever our risk increases to address the problem immediately.”

Gradually increase the organization’s security maturity
“I know that the Cymulate suite of products can grow with our organization as we increase our security maturity. Once we master one aspect of our security, the Cymulate platform will support us as we move on to the next challenge.”

Create vendor terms and conditions
“When I add a new vendor and want to ensure that its solution is fully optimized in my security environment, I include in the contract that the vendor must reduce my Cymulate risk score by X amount. This is the trust that I put in the Cymulate platform.”

Benefits

  • Breadth and depth of testing – Cymulate provides an extensive library of threat intelligence-led risk assessments that are simple to deploy and regularly updated, enabling the team to test its security more extensively than it was able to do before with manual penetration tests.
  • Real-time visibility – The Hertz team no longer needs to wait for its yearly penetration test to understand how its security is performing and where it needs to invest its resources to reduce risk.
  • Business and technical reporting – The Cymulate business reports enable Ariel to improve communication with the organization’s stakeholders. In addition, the technical reports allow for targeted data-based discussions with the IT team on reducing risk.
  • Excellent customer support – The continued support and weekly meetings with the customer success team ensure that Hertz uses the platform to its full potential.