Success stories

Gaining Visibility, Reducing Risk: How Surveil Took Control Of Its Attack Surface With Intruder

Author

Cloud environments move fast, and so do the security challenges that come with them. As engineering teams deploy new systems, security teams often struggle to maintain visibility. Without a clear understanding of what’s exposed, blind spots appear - making it harder to manage risk.

Surveil, a leader in cloud insights and optimization, wanted to get ahead of this challenge and needed a better way to track and secure their evolving attack surface. We spoke to Laurence Dale, CISO & Product Director at Surveil, to learn how they achieved this with Intruder.

The Challenge: Keeping Up with a Sprawling Cloud Environment

For Surveil, maintaining visibility of the assets within their Microsoft Azure environment was a significant challenge.

With developers frequently spinning up new cloud services, the security team needed answers to critical questions, such as:

  • Are all services accounted for?
  • Which assets are unintentionally exposed to the internet?

With their environment evolving so quickly, staying on top of their attack surface was essential to reducing risk.

And this challenge wasn't unique to Surveil. Our research found that organizations only have visibility into 21% of their internet-facing assets, leaving the remaining 79% untracked and vulnerable.

The Solution: Attack Surface Visibility that Drives Down Risk

As an ASM solution with powerful capabilities for cloud environments, Intruder offered exactly what Surveil needed to protect its growing attack surface.

Surveil leveraged our integration with Microsoft Azure to continuously discover and automatically add newly deployed cloud assets to the platform. With automatic scanning enabled, Surveil ensures that new assets are assessed for vulnerabilities and exposures the moment they’re discovered.

“The Azure integration was one of the key attractions for us as a Microsoft cloud-native business. The integration allows us to scan all subscriptions, find all assets, and pick up on changes in our evolving environment. This allows our team to act on changes as needed and keep our overall risk posture as low as possible.”

But security isn't the only benefit. Our integration also helps optimize cloud spend by identifying forgotten or unnecessary services - reducing both risk and costs.

It's easy to connect your cloud accounts with cloud sync.

For Laurence, mean time to remediate (MTTR) is a critical metric for evaluating the effectiveness of Surveil's vulnerability management program and ensuring compliance.

Intruder helps the Surveil team keep MTTR low in several ways:

  • Noise-filtered results allow Surveil to prioritize and address its most critical issues.
  • Our remediation advice supports the team in implementing quick and effective fixes.
  • Reporting and analytics make it easy for Laurence to track and report on MTTR, helping the team continuously improve and stay compliant.
“By clearly providing visibility of exposures in the great user interface, the team are able to assess what’s discovered and act immediately to keep our MTTR as low as possible, meeting our policy objectives.”

Analytics help Laurence track MTTR and remain compliant.

When it came to compliance, a robust vulnerability management program made all the difference - helping Surveil achieve both ISO 27001 and SOC 2 Type 2 certifications. And with our integration with Drata, compliance reporting became effortless by automating the sharing of vulnerability scanning evidence.

“By integrating Intruder with our environment for vulnerability management and leveraging our automation platform with Drata, the two come together to drive down security risk and maintain the compliance needed.”

The Outcome: Better Visibility, Lower Risk, and Easier Compliance

With Intruder, Surveil has transformed its approach to asset discovery, vulnerability management and compliance:

  • Greater Visibility: Automated asset discovery helps Surveil significantly reduce the time assets remain exposed, minimizing risk and closing security gaps across their dynamic environment.
  • Smarter Asset Management: Identifying redundant assets has tightened Surveil's security posture while also cutting unnecessary cloud costs.
  • Simplified Compliance: Our Drata integration streamlines audits and automates reporting, making it easier to maintain compliance.
"I know for a fact we’ve reduced our risk since using Intruder, 
because of the visibility it gives us over our attack surface."

Ready to take control of your attack surface? Learn more about attack surface management with Intruder or book some time to chat with us.

Other success stories

Gaining Visibility, Reducing Risk: How Surveil Took Control Of Its Attack Surface With Intruder

Discover how Surveil partnered with Intruder to gain attack surface visibility, reduce risk, and achieve ISO 27001 and SOC 2 compliance.

How switching to continuous scanning saved British Red Cross Training in more ways than one

Learn how Intruder helped British Red Cross Training expand their insight into security and streamline vulnerability management processes.

How Hill & Smith Holdings PLC achieved comprehensive vulnerability management with Intruder Premium (formerly Vanguard)

Learn how Hill & Smith Holdings PLC benefited from augmenting their organization's security capabilities with Intruder Premium.

Sign up for your free 14-day trial

Try for free