Health Sisters Hospital System Transforms Vulnerability Management
The Hospital Sisters Health System, or HSHS, is a non-profit healthcare system operating a network of 13 hospitals and other facilities throughout Illinois and Wisconsin.
The Challenge
Exposure Assessment & Remediation
Most significantly, HSHS sought to better understand which vulnerabilities actually posed the greatest threat to their operation. They were experiencing an overwhelming volume of critical vulnerabilities that were consuming resources, resulting in lengthy remediation times. Knowing which exposures to prioritize is key to transforming threat and vulnerability management and remain ahead of ransomware and nation-state threat actors targeting their industry. With this focused prioritization, HSHS could better mobilize resources for optimized risk reduction.
The Solution
With these objectives in mind, HSHS approached Zafran in Q3 of 2024. HSHS began and completed a 3-week evaluation of the Zafran Threat Exposure Management Platform in September 2024. The results from this POV met or exceeded all defined success criteria. HSHS chose Zafran because it not only efficiently aggregated and automatically analyzed vulnerability data from across its enterprise into a single view, but also identified the most exploitable vulnerabilities in their environment.
The compensating controls [analysis] by Zafran brings a new light to TVM that we’ve never had before. It is unique compared to other CTEM platforms.
Going beyond generic CVSS risk severity, Zafran analyzed runtime presence of CVEs, internet exposure of assets at risk, threat intel of adversary activity, and available compensating controls already in their security stack, to pinpoint the exposures most likely to be exploited by threat actors. Unlike any other CTEM solution, Zafran then expedited risk mitigation using those same security controls, without waiting on patch or maintenance windows. According to their Sr. Information Security Analyst leading the evaluation, this was truly a game changer:
Implementation
HSHS characterized the initial deployment of Zafran as, in their own words, “very easy.” As an agentless SaaS solution, Zafran quickly integrated with HSHS’ existing on-premises and cloud-hosted security tools through API. Once connected, Zafran began analyzing the customer’s vulnerability data, developing new context, and providing detailed guidance and evidence to improve threat and vulnerability management. Owing to a very broad cross-functional team using the solution, several training sessions were held. HSHS gave high marks for support and responsiveness, stating “Zafran’s staff truly feel like a part of our team, it’s easy to tell they care about your organization just as much as you do. Their engineers and technical folks have been able to answer all of our questions, which allowed implementation to go very smoothly.”
Results
Since implementing the Zafran Threat Exposure Management Platform, HSHS has reduced the number of vulnerabilities requiring urgent remediation action by 87%. This has increased focus on those exposures which actually pose the greater risk to HSHS, backed by supporting evidence. Zafran has already helped HSHS reduce MTTR through improved cross-functional coordination and information sharing between Security and those who actually remediate exposures. “Because of this [better coordination], the amount of time required to address vulnerability remediation has been reduced,” thereby shrinking the exposure window and enhancing productivity.With Zafran, HSHS are also better able to track and address high-profile vulnerabilities and threat actor activity specific to their industry. Relatedly, the solution has significantly reduced the time to identify which assets are more vulnerable to specific threat actors.
The Hospital Sisters Health System, or HSHS, is a non-profit healthcare system operating a network of 13 hospitals and other facilities throughout Illinois and Wisconsin.
Industry
Primary Use Cases
Key Outcome
87%
Reduction in critical vulnerabilities
Zafran provides us with clarity, control, and confidence… by revealing our critical risks, mitigating them to quickly compress the window of exposure, and operationalizing remediation at scale.
Greg GarneauVP/CISO, Hospital Sisters Health System
Learn More
Zafran works closely with its customers, to transform exposure management to remain ahead of adversaries, to know with confidence what is most exploitable in their environment, and to rapidly remediate the risk. We invite you to see what our customers already know. Come see the power of Zafran.
See Zafran in Action
Prioritize and fix what is truly exploitable using risk context from your existing security tools
