Case Study

Making Security Everyone’s Business with Prioritization & Collaboration

"Silk has positively impacted both the productivity and the efficiency of the security team in identifying risks to the business, as well as how the function of security is integrated into our development processes. The security team can collaborate more closely with development teams responsible for the fix implementation of identified priorities, and improve our overall risk profile."

-- Frank Baalbergen, CISO at Mendix

Challenge

The growing alert backlog from fragmented tools compounded many of the issues the security team wrestled with:

  • Maintaining a consolidated, contextualized view of risk posture and priorities across pipelines
  • Reducing the alert fatigue felt by software development teams regarding which remediation requests to focus on first 
  • Determining which fixer or team was responsible for implementing a remediation 
  • Providing the right level of context to improve how well software development teams understand security requirements   

Solution

Deployed Silk Security, with integrations into code repositories, cloud and on-premises detection tools, and cloud security monitoring tools, to:

  • Gain consolidated security visibility from code to cloud 
  • Prioritize remediation actions based on risk and business context, and reduce the alert backlog
  • Leverage a better view of the risk profile and priorities to communicate and align with software development teams on where to focus, and why, helping to reverse their security alert fatigue
  • Improve overall security posture as well as productivity of the security team by identifying the right fixers and facilitating remediation with automated ticketing
  • Accommodate the team model for fixers in software development teams with ticketing integration customization
  • Scale remediation operationalization through bulk ticketing in remediation campaigns for findings with a common fix 

Outcome

With Silk's consolidated, deduped and correlated view of findings, reduced manual review by 80%

Reduced time spent on prioritization efforts by 70%

Reduced time spent identifying and assigning fix responsibility by 80%

Improved number of closed tickets by 600% on a monthly basis

  • Transformed the interaction between security and software development teams, helping to prioritize risk, communicate priorities and facilitate remediation in a consolidated, transparent process
  • Automated the generation of individual tickets for findings with a common fix using Silk remediation campaigns
  • Improved mean time to resolution from weeks to days
