GTK achieves a near-perfect score of 9 on a Hailstorm (a Trustwave application) vulnerability scan.
A large global supply chain and logistics service provider recently selected GTK to manage its FTZ operations. While the FTZ implementation model was new to both GTK and the customer, the resources from both teams worked diligently and got the solutions ready to be implemented in record time. User acceptance went as planned and the system was ready to move to production. Then Murphy’s law prevailed. Murphy felt insulted by the near-perfect performance and decided to throw his hat into the arena in the form of information security. A vulnerability scan was required, and a passing score of less than 750 had to be achieved in order for all external-facing applications to move to production.
As GTK was an externally hosted application on the cloud, the scan became a critical element as well as a hurdle in the path to go-live. The first scan, conducted on Jan 15th, resulted in a HARM score of 2000+, nowhere near the acceptable level. 3 scans were conducted between Jan 15th and Feb 6th, with varying scores in the range of 2000-3000. Changes were made, and another new scan run on Feb 6th was even worse, with a score of 6523 and new additional issues. Due to the nature of the scans, new vulnerabilities were being identified in every new scan.
With the end nowhere in sight and the pressure to go live, the teams were getting anxious. GTK resources were ready to face this challenge, and over a marathon session of 60 sleepless hours, changes were made to the application to address the vulnerabilities identified, and a new scan was run on Feb 13th.
In the words of the Senior Security Analyst from the customer’s infosec team:
“Additional manual verifications through various portions of the site, using Burp Suite, validated the team has remediated the HARM score down to an impressive score of 9 points. This should definitely be commended, considering the HARM score was at 6523, about 2 weeks ago.
Nice work GTK.”
Yes, GTK was able to achieve a near-perfect HARM score of 9. To add to the above, GTK currently ranks in the top 5 applications based on its HARM score in the customer’s total application portfolio of over 800 applications. This score was also achieved in a record time of 3.5 weeks, which no other application was able to achieve.
Our team has now gone back to work to get the score down to a perfect 0. This was a unique challenge that the GTK team accepted and delivered on successfully, like every other challenge we have been able to deliver on for our customers.
GTK has always been a very strong player in the GTM software market with its feature-rich products and outstanding customer support. Adding a jewel to our crown is this new validation of our application’s security. We are confident that this will give peace of mind not only to our existing customers but also to companies that are in the market for new or replacement GTM software.