How Attaxion Replaced Ineffective Legacy Scanning in a U.S. Public University

Public University
Company size: Medium-sized state-funded organization
Task: External attack surface management for distributed web-facing environments
Time to value: < 30 days
Results of implementing Attaxion:
– Full visibility into all external assets, including previously unknown web apps
– Continuous scanning without failures
– Faster remediation cycles
– Reduced infrastructure footprint while improving performance

Table of Contents

  1. Challenges
  2. Solution
  3. Results

PART 1

A public university in the United States with decentralized IT operations across colleges and departments was looking to enable external attack surface management to improve their overall security posture. The university serves thousands of students, faculty, and staff, with a small central security team responsible for protecting the institution’s external digital presence.

The Challenge

The university’s vulnerability management approach was fragmented. Its on-premises vulnerability management tool focused only on server infrastructure and failed to account for web applications and other public-facing assets.

They used a DAST tool to compensate for that, but it had its own problems. The server it was deployed on had resource limitations that impacted the number of concurrent scans it could run, leaving critical parts of the university’s attack surface unscanned. Without a centralized view of external exposures — and with a security team of just five — managing risks across such a large, distributed environment was increasingly unsustainable.

The team needed a more reliable, lightweight, fully hosted solution that could:

  • Automatically discover and assess all external assets.
  • Cover both servers and web applications.
  • Prioritize and validate vulnerabilities before sending them downstream.
  • Integrate cleanly with existing tools like Atlassian Jira to improve remediation workflows.

PART 2

The Solution

They chose Attaxion for a unified, agentless, cloud-based platform that offered full visibility into the university’s external attack surface. With minimal setup and no need for additional hardware, the security team was able to:

  • Automatically discover assets across decentralized departments and environments.
  • Perform continuous vulnerability scans across all external assets — including web apps.
  • Monitor traffic to and from their external assets, detecting communications with malicious IP addresses.
  • Prioritize issues based on the risk they posed before pushing them into remediation queues.
  • Seamlessly integrate with Jira, enabling fast ticket creation and better collaboration with IT teams.

Attaxion’s intuitive interface and low operational overhead meant the five-person security team could stay focused on real risks without managing infrastructure or chasing false positives.

“Our legacy security toolstack was fragmented and had gaps. Attaxion replaced multiple tools, providing us with a user-friendly interface to manage our external attack surface.” – Director of Information Security, U.S. Public University

PART 3

The Result

With Attaxion, less than 30 days after starting the proof of concept (PoC), the university managed to achieve:

  • Full visibility into all external assets, including web applications that were previously unknown to the security team, and traffic to and from IP addresses in their infrastructure.
  • Continuous scanning without failures, eliminating dependence on limited server resources.
  • Faster remediation cycles through direct Jira integration.
  • Zero added infrastructure or performance drag on the university’s systems.

“Having Attaxion to cover both DAST and server scanning and not maintaining our own infrastructure made our lives so much easier.” – Director of Information Security, U.S. Public University
