Holm Security: Beyond Traditional Vulnerability Management

Every organization is vulnerable to cybercriminals in the absence of a good security infrastructure. In the education sector, it is the students’ data that is at risk, while in healthcare, it is patients’ data that is exposed. For public sector companies, providing a high level of service and flexibility could be a challenge when people and data are exposed to cyber threats.

For large companies, or even small ones for that matter, gaining visibility across all their IT assets spread across public, local, cloud, and IoT environments is not easy. In such circumstances, it becomes challenging to find and secure vulnerabilities before they are exploited by cybercriminals, leading to operational disruptions.

Moreover, as cybercriminals evolve and attacks become more sophisticated, businesses need a strong security infrastructure in place. Otherwise, they could end up investing all their time and money in fighting cybercriminals, at the cost of the organization’s priorities. Added to this are the innumerable laws, regulations, and compliance requirements that a business has to understand and adhere to.

Holm Security delivers 360-degree coverage and comprehensive insight to enable companies to detect vulnerabilities, assess risk, and prioritize remediation for every asset in their entire IT infrastructure.

How Holm Security Secures Your IT Systems and Network

A weak cybersecurity infrastructure puts businesses' data at risk. A structured, systematic, and proactive cybersecurity approach is necessary to protect against financial loss, prevent disruption, and protect users from harm.
Holm Security offers an all-in-one platform, covering three layers, with all the tools a business needs - regardless of whether it is consolidating or implementing vulnerability management for the first time.

“We can help businesses find vulnerabilities before any cybercriminal does and ensure their operations run without any disruption. We help businesses understand and remediate the vulnerabilities they have - today and in the future,” says Stefan Thelberg, CEO, Holm Security.

Key products that we offer:
1. System & Network Scanning

Holm Security offers an automated and continuous system and network scanner. This feature enables businesses to detect vulnerabilities, assess risk, find blank spots, and prioritize remediation for every asset, in every environment: public, local, cloud, Internet of Things (IoT), and container, as well as operational technology (OT), industrial control systems (ICS), supervisory control and data acquisition (SCADA), and programmable logic controllers (PLC).

It also offers a complete workflow for remediation, with integrations for external systems like Jira and TopDesk and for a wide range of other systems, such as SIEM, CMDB, ticketing systems, and CI/CD.

What more we do:

  • Discovery scanning and asset management.
  • Unauthenticated and authenticated scanning.
  • AWS and Azure cloud infrastructure scanning.
  • CIS Benchmarks policy scanning best practices.
  • Device Agent - light-weight endpoint agent.
  • Passive/predictive scanning (coming 2021).
  • Compliance scans and reports like GDPR, NIS, ISO27001, PCI DSS, HIPAA, PDPA, SOX, etc.
  • Continuous Monitoring.
  • SAML 2.0 Single Sign-On.
  • Role-Based Access Control (RBAC).
  • Orchestration of multiple Security Centers for large organizations.
  • Full IPv6 support.

2. Web Application Scanning

Holm Security’s web application scanner automatically and continuously scans web applications and APIs for an ever-increasing number of vulnerabilities.

It can find a wide range of vulnerabilities in web applications, including OWASP top 10 vulnerabilities, several thousands of vulnerabilities in specific CMSs such as WordPress, vulnerabilities in REST APIs, misconfigurations, weak passwords, and exposed system information and personal data – in all types of applications.

Features & functions

  • Detects a wide range of misconfigured and vulnerable web applications.
  • Detects faulty permissions.
  • Scans local cloud infrastructure, such as AWS.
  • Detects outdated and vulnerable JavaScript components.
  • Detects the exposure of personal data, credit card numbers, and credentials.
  • Detects exposure of system information.
  • Authenticated scanning of web applications.
  • Notifications when SSL certificates are about to expire, have expired, or are vulnerable.
  • Automatically identifies web servers, programming languages, and databases.
  • Fuzz testing (detects if a web application behaves irrationally or unexpectedly).
  • Automatic update of vulnerability database.
  • High precision with a low number of false positives.

3. Phishing & Awareness Training

Holm Security helps businesses increase resilience. The platform supports systematic, risk-based work on your cybersecurity defense. Through a number of automated and simple tools, it helps you understand which vulnerabilities to remediate first.

“We help you find vulnerabilities in outdated operating systems, services, and software and also find all types of misconfigurations, like insufficient permissions and exposed data, etc.,” Thelberg adds.

What more we do:

i) Simulating social engineering

Simulate email attacks, such as phishing, spear phishing, ransomware, and CEO/CFO phishing. Or create your own custom simulations.

ii) Automating awareness training

Depending on the behavior of each user in the simulation, tailored awareness training is automatically composed and presented to the user.

iii) Providing statistics and reports

Based on the results of the simulation, you get detailed statistics that help you identify weak users.

iv) Repeating

Through continuous simulations, you make sure to keep your users up to date with the constantly shifting and latest threats.

Holm Security Helps Huddinge Municipality Find Vulnerabilities and Secure IT Environment

Huddinge municipality is the second-largest municipality in the metropolitan region in Sweden, with over 110,000 inhabitants and about 6,700 employees. In the event of intrusion or interruption, its systems could be extensively damaged, and that could affect its social, elderly care, and childcare services.

The municipality wanted to enhance security measures and secure its IT environment. However, it wasn't sure what it wanted out of the scans and what the work processes would look like. At the same time, it did not want to invest large amounts in products that would remain unused, as is the case with other municipalities.

Holm Security’s Vulnerability Management Platform (VMP) helped it understand vulnerabilities present in the municipality’s IT environment.

"We set up systems and processes and focused our scans and remediation on vulnerabilities in systems deemed essential and business-critical. Scans are performed regularly and completely automated, reducing human hand-laying," says Arne Göranson, IT Security Manager, Huddinge Municipality.

Arne explains that while the municipality was previously aware of system vulnerabilities, the vulnerabilities were not readily apparent before it employed Holm Security VMP. The platform has helped to visualize shortcomings and simplify communication internally.

For Huddinge municipality, the platform has been a very affordable alternative for increasing IT security and making IT security work more systematic, in line with laws and recommendations such as RSA (Risk and Vulnerability Assessment) and NIS (Network & Information Security).

Future Outlook

Holm Security has over 500 customers and covers 8 markets in Europe and Asia. The company grew by 75% in 2020 and continues with accelerated growth.

The IT security service provider will release a new agent in 2021 that will cover mobile devices, like laptops. The company is also set to release the first version of its threat intelligence, combining data from devices and user simulations.

“We provide one platform and one view for all environments, policy and compliance scanning, but that also covers the users – building your own human firewall,” concludes Thelberg.