Globeleq is an independent power company which owns, operates, constructs and develops power projects in Africa. The organization has a small cybersecurity team working out of its South African offices, with an IT team in each of its operational locations. To optimize manpower, the team utilizes service providers for penetration testing and security validation. With outsourced manual security assessments, Globeleq faced common challenges related to security control validation.
Manual penetration testing was time-consuming and labor-intensive. Penetration testing had to be done separately for each location and often required the security team’s physical presence to perform tests and review controls manually.
Assessments provided a point-in-time picture. The security team did not have the tools or resources to continuously test and validate that its security was protecting the business. Globeleq’s board wanted ongoing independent security validation to give the organization more visibility of its security posture.
Emergent threats were difficult to evaluate immediately. The small security team could not keep up with the pace of new threats. The team would rely on general threat intelligence sources to provide information on the latest threats, making it time-consuming to research the threat, manually create an assessment to test against it and remediate if the threat got through its defenses.
The team lacked standardized security metrics across the entire organization. The security team wanted a standardized view of its security posture in all locations. The team had to manually keep track of the metrics it would get from each of its disparate security tools and its penetration tests. In addition, each penetration test was dependent on the skill of the professional conducting the assessment, making the test results inconsistent across the organization.
The Cymulate Solution
Globeleq required an automated way to assess its security posture across all its locations continuously. The solution had to be a tool the small team could independently use that provided near real-time metrics about the organization’s security posture. After evaluating the automated security validation tools in the market, Globeleq chose to implement Cymulate because it provided the best reporting and dashboards.
Renaldo Jack, Group Cybersecurity Head, explained that Cymulate provides his team with:
Continuous independent security validation
“We no longer have to wait for a periodic pen test every six months. With the same small security team, Cymulate allows us to optimize our resources and use automation to run more assessments continuously.”
A risk-based approach to cybersecurity
“Cymulate gives us visibility regarding what misconfigurations are exploitable so we can prioritize remediation. It allows us to take a risk-based approach.”
Immediate assessments against emergent threats
“With Cymulate, we can almost immediately assess each of our environments against new threats.”
Lateral movement assessments
“The Hopper capability helps us understand where our gaps are and what we need to do to prevent a real attacker from moving laterally within our environment and reduce the ‘blast radius.’”
A standardized view of Globeleq’s security posture
“Cymulate provides us with the visibility and standardization we were missing. The platform’s analytics and reporting make providing a holistic view of our cyber security posture to management and the board easier.”
Benefits
The security team has embedded Cymulate into many of its security processes:
Independence Even without an in-house red team, Globeleq has independence over its security and threat validation and can run assessments whenever it needs.
Increased productivity The platform’s automation enables the small team to optimize its resources and test all its environments with the click of a button.
Board-ready metrics Cymulate integrates with the team’s security tools to collect standardized metrics that analyze cyber resilience and baseline security posture over time.
Cymulate allows us to assess our security posture in near real-time.
