Xepps

Cybersecurity Technology Consulting Client.

Xepps is a web consulting business specialising in helping start-up companies grow with fractional senior leadership resources. 

Managing Director Kristian Epps recently took a start-up company from almost zero internal processes through to successful completion of ISO 27001.

The process revealed large gaps in the startup’s existing process and was a real challenge to implement.

Why Verified Threat?

The company selected VerifiedThreat because it gave the company a powerful way of providing on-going threat intelligence, continual external based assessments and reports, which could map directly into their existing risk ledger set-up. 

The company had good success with a training portal that took the pain of ISO 27001 reporting and evidential proof needed to comply with the standard. Managing Director Kristian Epps said: 

“Demonstrating that you have the latest threat intelligence,  proving that you’re not only reading, but applying the threat intel is not an easy task. We loved VerifiedThreat’s dynamic intelligence, that wasn’t some generic report, but actually demonstrated real threat intelligence on our platforms, with the verified proof of the vulnerability.“

Epps continued:

“Signing into a portal with automated threat intelligence, more than ticked the box, it made the threat data demonstrable and useful. Sticking threat data into a CSV just means the data dies. It’s now in the portal, it's live, it's useful, and it provides the third-party validation needed. “ 

Results

• Improved Threat Intelligence: Automating the threat intelligence and applying it to the company’s risk profile saved a lot of manual effort, and was a painless way to incorporate true risk threat data. 
• Improved Confidence: External investors board and leadership team gained from improved confidence that the company wasn’t just paying lip service to threat detection, but had mature systems and processes in place to ensure continuous monitoring and compliance..
• Operational Efficiency: Senior staff had to spend last time on manual work and compiling threat data and risk register items. Using the portal greatly simplified the process.

Impact

The major impacts are summarised below:

• Technical: Continuous visibility, faster identification of real-world vulnerabilities, and structured prioritisation for remediation.
• Business: Greater confidence for investors, board and senior leadership team. Ensured better protection of sensitive client data and confidence for eco-system partners.

"It’s one thing to have knowledge of a possible threat, but it’s a real game changer to be able to show what you are doing to track and mitigate the threat. VerifiedThreat made our reporting useful and directly actionable - it would have taken a lot of manual effort to keep the threat intelligence up-to-date and make it useful."

‍