Totalmobile Builds a Single Source of Truth for Its External Attack Surface with Attaxion
| Totalmobile | |
| Company size | Small to medium-sized business |
| Task | External attack surface management for increased visibility of web-facing assets |
| Time to value | 1 hour |
| Results of implementing Attaxion | – Full visibility into the external attack surface – Quick control over the infrastructure – Reduced vulnerability count – Increased awareness across departments and senior management |
Table of Contents
PART 1
Totalmobile is a market leader in Field Service Management, developing software that helps over 1,000 organizations with staff working out in the field — like engineers, care workers, and inspectors — operate more efficiently and safely. It has locations across the UK, Ireland, Australia, and the Nordics.
The Problem: Lack of Visibility Across Assets
One of the challenges that the security team faced was the lack of visibility into disparate or disconnected environments.
The team had been using a well-known enterprise EASM solution that was supposed to help them address this problem, but it was too rigid and impractical. It had a static, click-heavy interface, deeply nested information, and no easy way to export reports. “It had a cumbersome way of presenting the information, and nobody actually had a grip on it,” — said Totalmobile’s SecOps manager.
The team has many assets such as IPs, domains, and subdomains, as well as many parked domains. The EASM solution they used kept adding the associated IP addresses and SSL certificates of those parked domains to their infrastructure inventory. Assets wrongly attributed to them from CDNs were littering the picture as well. One of the challenges the security team encountered was building a single source of truth to control their external assets.
In addition to that, the EASM solution that they were using was quite expensive — partly because of all those assets beyond Totalmobile’s control that were incorrectly attributed to the company. Frustrated with spending thousands per month on a tool that didn’t provide them with the visibility they needed, they started looking for a different solution.
PART 2
The Solution: Attaxion Offers Both Visibility and Flexibility
The Totalmobile security team spent a lot of time scouring the market for EASM solutions that would help them solve each component of the problem:
- get continuous visibility into their external attack surface;
- make it easy to share results with stakeholders;
- create a single source of truth, covering external assets and their respective vulnerabilities, that is free of false positives and false negatives.
They learned that finding a solution to fit their criteria wasn’t as easy as they thought. The Totalmobile team evaluated various solutions, but most either had too many false positives, or completely failed to detect vulnerabilities that the team knew were there. One solution even told them that they, “had no vulnerabilities and could go home now.” Most tools lacked ways to clean up irrelevant or duplicate assets — a feature that quickly became a top priority for Totalmobile.
The team then evaluated Attaxion. Unlike most other tools, it offered a 30-day free trial, which gave Totalmobile the ability to understand the tool better and conclude if it was really worth it. Attaxion provided Totalmobile with complete coverage of their external attack surface with the ability to manage it easily, allowing them to remove assets that were beyond their control and finding the vulnerabilities where they actually existed.
The team decided to stay with Attaxion, because it covered all their needs from the list above, was easy to configure and use, and cost only a fraction of what they had to pay previously.
“Transparent pricing was really important for us. Attaxion doesn’t have hidden costs or paywalled features, which makes it much easier to manage costs,” — said the Head of Information Security at Totalmobile.
“The Attaxion team was very responsive to feedback, willing to understand the problems that we had and ready to look for solutions rather than telling us what we should be seeing.” – Head of Security at the Totalmobile
PART 3
The Result: Full Visibility Across the Entire External Attack Surface
It took the SecOps manager just an hour to get started with Attaxion and several more hours of work to get to the point where it became the single source of truth on the external assets that Totalmobile had.
With Attaxion, the security team at Totalmobile was able to achieve the following:
- Quickly establish control over the infrastructure of acquired businesses.
- Uncover shadow IT and gain visibility into their external assets, ensuring no hidden risks remain.
- Get a technology inventory spanning across the entire organization.
- Eliminate single points of failure, where just one person had knowledge of the infrastructure and their departure could become a major problem.
- Reduce the organization’s attack surface, lowering both the exposed asset count and the number of vulnerabilities.
- Raise infrastructure security awareness across all departments and senior management, making it easier to get buy-in for measures that were important for maintaining a stronger security posture.
“Attaxion is the only EASM tool I’ve come across that’s truly built for security, not just for making money.” – SecOps Manager at Totalmobile
Want to gain clear visibility into your external attack surface in mere hours, like Totalmobile did?
Start a free 30-day Attaxion trial or book a personal demo.