Leading North American Manufacturer Uses Bitsight to Combat Cyber Risk and Boost Security Rating
Background
Cornerstone Building Brands is the largest manufacturer of exterior building products in North America by sales, and serves residential and commercial customers across both the new construction and repair and remodel markets. They employ a multichannel distribution strategy with 165 manufacturing and warehouse facilities across North America.
In recent years, the company has experienced accelerated organic and inorganic growth resulting in an expanded digital footprint that requires the proactive detection and remediation of cyber risks.
“Visibility into critical exposure points across our expansive digital perimeter is critical,” said Jason Adams, director of cybersecurity at Cornerstone Building Brands. “And when we identify risks, we need an objective standard by which to validate, triage and mitigate them.”
Cornerstone Building Brands turned to Bitsight for Security Performance Management (SPM) to address this challenge.
A trusted solution for measuring and understanding digital risk exposure
Adams used Bitsight for SPM in a previous role with another company and was confident it would be a good fit for Cornerstone Building Brands.
Bitsight for SPM continuously monitors risk exposure across the entire digital ecosystem, keeping a constant check on emerging vulnerabilities with risk-based dashboard views.
Findings are presented as a security rating that can range in value from 250 to 900, with the current achievable range being 300-820. A higher rating indicates better cybersecurity performance.
“I’d tested a variety of security ratings solutions but found Bitsight to be the most comprehensive in its analytics and insight into risk exposure,” said Adams.
With Bitsight for SPM, Cornerstone Building Brands can:
- Discover and validate the security posture of external assets — such as access ports and thousands of IP addresses — with a high level of accuracy
- Gain insight into the security posture of merger and acquisition targets to reduce post-acquisition portfolio risk
- Benchmark security performance against industry peers and set achievable security goals based on relative performance within the context of a meaningful peer group
- Communicate security progress more clearly and effectively
- Better prioritize security resources and investment
“In the past year, we’ve experienced M&A activity. Bitsight has been critical in helping us gauge what work needs to be done to proactively align these organizations with our security policy and ensure we don’t inherit cyber risk.”
Evaluating cyber risk across a massive footprint
Bitsight for SPM provides a comprehensive and accurate picture of Cornerstone Building Brands' security performance. With this wide aperture, Adams’ team can easily identify exposure across the entire ecosystem.
“Discovering and validating areas of concentrated risk across a large digital footprint can be challenging,” said Adams. “Bitsight makes it easy by automatically digesting thousands of risk vectors into an at-a-glance view so we can quickly pinpoint risks by severity, prioritize remediation efforts and drive continuous improvement.”
Adams has tried other security rating systems, but Bitsight stands out. “Bitsight for SPM provides rich detail without being counterproductive,” he explained. “I can drill down into each alert to better inform remediation. That richness of information is something I can’t get with other products. Plus, we can verify whether our efforts are working, thereby driving efficiencies.”
Since using Bitsight, Cornerstone Building Brands has improved its security rating and now ranks among the top quartile of its peers. This is significant because, when utilized, Bitsight is the only security ratings platform proven to correlate with a reduction in an organization’s likelihood of suffering a data breach.
Reducing M&A risk
M&A targets can introduce unwanted threats that aren’t detected until it’s too late, negatively impacting a deal’s value and completion. To reduce this risk, Adams uses Bitsight to gather externally observable risk metrics about a target company’s security posture early in the M&A process.
He explained: “In the past year, we’ve experienced M&A activity. Bitsight has been critical in helping us gauge what work needs to be done to proactively align these organizations with our security policy so we don’t inherit cyber risk.”
Supported by a customer-centric culture
Bitsight’s responsive support team is also important to Adams. “I appreciate the human relationship behind the technology,” he said. “Bitsight has built a culture of customer support that is consistent, responsive, reliable and best-in-class. I place a high value on the product and our relationship.”