Rand Machine Reduces MTTR for External Vulnerabilities by 25% with Attaxion
| Rand Machine Products | |
| Company size | Small business |
| Task | Automated asset discovery and vulnerability prioritization |
| Time to value | < 1 hour |
| Results of implementing Attaxion | – 100% faster new asset discovery – 25% lower MTTR – 20% time savings on external vulnerability remediation |
Table of Contents
PART 1
Rand Machine is a manufacturer that has been building complex parts of all sizes for global companies for over 70 years, with a focus on accuracy and tight tolerances. They specialize in precision machining for the aerospace, defense, industrial, and commercial industries.
The Challenge
Maintaining a strong security posture is a top priority for Rand Machine, especially as it must uphold its reputation and compliance with the government. That involves securing web portals, email systems, and other external assets — across their infrastructure and also the companies they’ve recently acquired.
The main challenges the manufacturer faced were:
- Limited visibility: The company relied on an MDR provider that scanned fixed targets only once a month, potentially leaving blind spots when new systems were added to the infrastructure within that timeframe.
- Manual tracking: The security team used a manual, spreadsheet-based asset inventory. While they were able to stay on top of the company’s external asset inventory, this manual approach was time-consuming and slow to reflect changes.
- Knowledge gaps: The acquisitions created gaps in the spreadsheet. It was difficult for the security staff to get a full and up-to-date picture of the newly acquired companies’ external attack surfaces.
“Acquisitions were adding assets to our attack surface that we were not aware of, together with new attack vectors. Manually scanning a fixed list of targets doesn’t cut it anymore when you acquire new infrastructure that may not have been properly documented before.” – Alex Johnson, Information System Security Manager at Rand Machine Products.
PART 2
The Solution
Alex Johnson, the company’s Information System Security Manager knew they needed to amp up their visibility into external assets by relying on security automation. The MDR vendor they worked with was offering a solution, but an expensive one, so Johnson and the team went out to look for alternatives that would be both better and more affordable.
They settled with Attaxion as a cost-effective, high-coverage, and easy-to-use solution. The platform now serves as Rand Machine’s central location for all external vulnerability data. The security team uses Attaxion to:
- Automatically discover new assets and open ports.
- Prioritize issues using Common Vulnerability Scoring System (CVSS) scores and the Known Exploited Vulnerabilities (KEV) catalog.
- Generate vulnerability and asset discovery reports for the stakeholders.
- Continuously monitor infrastructure across multiple locations.
“Even during the demo, Attaxion found assets we didn’t know existed. I’d recommend any company to ask themselves: “How long does it take us to identify all our external assets?” Then talk to Attaxion’s team and see how well it does that job for them.” – Alex Johnson, Information System Security Manager at Rand Machine.
PART 3
The Result
During the demo, the Rand Machine security team discovered assets they didn’t know existed. As a result of implementing Attaxion, Alex Johnson and the team were able to:
- Increase the new asset discovery speed by nearly 100%.
- Find vulnerabilities faster and speed up their remediation thanks to one-click ticket creation and automatically gathered remediation advice, effectively reducing MTTR by 25%.
- Save about 20% of time spent on external vulnerability discovery and remediation. The extra time the team got allows them to focus more on internal vulnerability remediation and compliance, significantly improving Rand Machine’s overall security posture.
Want to gain clear visibility into your external attack surface and speed up remediation, like Rand Machine?
Start a free 30-day Attaxion trial or book a personal demo.