Media Giant Strengthens Security Operations with AppSOC

This case study focuses on a major multinational media company, a global leader in the media and publishing industries. With more than 50,000 employees and operations across 6 main business units, this organization plays a significant role in educational media and manages several prominent international publishing brands. The company’s global footprint and expansive operations present unique challenges in ensuring the security of its digital assets.

As a media conglomerate, the company’s assets are largely digital, encompassing vast amounts of intellectual property and data. Any security breach or cyber-attack could result in substantial financial losses, reputational damage, and interruptions to its operations. Maintaining robust security measures to protect its extensive range of digital assets is essential.

The cybersecurity team of this enterprise was responsible for managing the security of more than 4,000 assets, which were scanned using various security tools. The complexity of the company’s security infrastructure posed significant challenges, particularly when it came to consolidating findings from multiple tools and automating workflows through Jira for issue tracking. The existing systems were inefficient, making it difficult to ensure that all application assets were regularly and thoroughly scanned.

One of the major challenges was the manual management of business context metrics, which are essential for prioritizing vulnerabilities and ensuring that security efforts are focused on the most critical issues. Given the size of the company and the vast number of digital assets, manually handling this information was proving to be too cumbersome. In addition, the company needed to ensure that all application assets were being scanned consistently to prevent vulnerabilities from slipping through development unnoticed.

The company also sought to avoid introducing additional complexity into an already intricate security system. It needed a solution that could seamlessly integrate with its existing infrastructure and tools while improving efficiency.

To address these challenges, the media company chose to implement AppSOC after conducting an extensive proof-of-value (POV) process. AppSOC provided the functionality needed to integrate with the company's multiple scanning tools, including:

• Veracode DAST (Crashtest)
• Checkmarx SAST (Static Application Security Testing)
• Microsoft Defender (Attack surface management)
• Twistlock (Container vulnerability management)
• Slack (for notifications)
• Jira (for managing ticketing workflows)

AppSOC enabled the company’s cybersecurity team to establish business context metrics that facilitated the prioritization of risks. This helped the team focus on the most critical vulnerabilities, ensuring that its resources were deployed where they were needed most. Furthermore, AppSOC provided a mechanism to validate that all application assets were consistently scanned, addressing a core concern for the company.

One of the standout features of AppSOC was its bidirectional integration with Jira. This feature allowed the company to automate its workflows and track vulnerabilities and remediation efforts without adding unnecessary complexity. AppSOC also featured intuitive dashboards that provided clear visibility into security data across the various business units, enabling the company to review security performance at both the organizational and unit-specific levels. This capability was especially important given the company’s size and distributed nature.

AppSOC’s noise reduction capabilities were another critical benefit. In large organizations, security tools often generate redundant or low-priority tickets, which can overwhelm analysts and divert attention from more pressing issues. AppSOC addressed this by filtering out unnecessary tickets, allowing the media company’s security team to focus on genuine risks rather than being bogged down by extraneous issues.

Additionally, AppSOC’s flexibility in deployment made it an ideal fit for the company. The ability to quickly demonstrate the platform’s value during the POV process helped the team justify its implementation to key stakeholders. This quick implementation, combined with AppSOC’s seamless integration into the company’s existing operations, allowed the security team to start reaping the benefits almost immediately.

AppSOC proved to be a game-changer for the customer’s IT security operations. By consolidating data from multiple tools into a single platform, the security team was able to better prioritize risks and track performance across different business units. The head of IT security for the company commented, “AppSOC has been a game changer, helping us consolidate findings, prioritize them based on risk, and track performance across business units.” This testimonial underscores the significant improvements the platform brought to the company's security operations.

Through the integration of AppSOC, the media company achieved its goal of reducing complexity in its security processes while ensuring all assets were scanned and vulnerabilities