Solutions from F-Secure
Manhattan SA is a French cyber security consultancy firm founded in 2001. The company specializes in dealing with modern cyber-crime, and designing and delivering state-of-the-art security measures for a variety of corporate IT environments. Manhattan is known for effectively solving its customers’ security and communication issues, and delivering sustainable cyber security solutions that support business continuity in the long term. To this effect, the company strives to constantly improve its operating practices and business models. Manhattan has offices in Lyon, Paris and Metz.
One of Manhattan’s core service areas is penetration testing, where the organization conducts extensive simulated attacks on clients’ networks to test their fortitude against real cyber attacks. As penetration tests are often carried out at quite short notice, Manhattan’s IT security engineers, such as Boris Parat, need agile and easily configurable software to help make the process as easy as possible.
“My job is to ‘roughen up’ our customers’ networks: see what they’re built of, identify and find any assets that are stored within them, and ultimately report on how vulnerable or hardened they are”, Parat says. “I start my analysis with a comprehensive vulnerability scan, after which I proceed with manual penetration testing. At the end of the assessment I formulate a detailed report on my findings and improvement recommendations, which we go through together with the customer.”
To keep the testing phase fluid, Manhattan’s IT engineers cannot waste any time on needless and time-consuming software configuration tasks – they need their testing tools to be effective, simple-to-use and reliable. Good penetration testing requires much more than the firing of a few standard attacks against an organization’s cyber security programs – a significant part of the equation is heavily dependent on human intelligence and creativity, and calls for quite a few man hours. As such, there’s no time to be wasted on demanding software installations or arduous training programs for complex security tools.
“Our output – our customer promise – is an all-encompassing and trustworthy security report, from which our client can glean actionable insights to improve their security. We absolutely need a good vulnerability management platform to achieve this, but I was personally getting quite desperate, as nothing on the marketplace seemed to meet our needs.”
Before switching to F-Secure Radar, Manhattan was using Tenable’s Nessus solution. Although they found Nessus to be adequate in its scanning capabilities, the platform had many other issues, which made it slow and cumbersome. Parat found Nessus to include a vast number of feature options, menus and functions, which made using it as his main vulnerability scanning tool increasingly difficult.
“Nessus requires a lot of customization before you can put it properly into action”, Parat says. “When I have a week to deliver a complex project to a customer, I don’t want to waste my time with needlessly customizing the tools I need to perform my job. Although necessary for the completion of the projects, Nessus made my life just plain difficult.”
While looking for another solution to replace their vulnerability management platform, Parat also evaluated Rapid7’s Nexpose software, and found that it suffered from issues similar to those of Nessus.
“You actually need to be trained to be able to use Nexpose properly – I simply cannot spare the time for something like that”, Parat explains. “With Radar, this is not necessary. I just install a scan node on one of our customers’ servers, and can start my work immediately – it’s a two-minute job.”
Parat also found both Nessus and Nexpose lacking in terms of their analytics and reporting. “Both platforms produce reports which are not only thousands of pages long and completely illegible, but which you can’t edit. This is completely unacceptable”, the IT engineer states. “With Radar, I can create brief, easy to read reports, which I can edit to suit the project’s demands.”
When Parat went to discuss his issues regarding the two platforms with Manhattan’s management, his supervisors immediately suggested he try F-Secure Radar. The cyber security company quickly equipped Manhattan with a Radar demo account, and Parat began testing the software in action. The IT engineer was impressed from the first installation and scanning test onward.
“In addition to being lighter to use and simpler to deploy, Radar actually managed to find more vulnerabilities compared to our old solutions. The number of our false positives also decreased significantly”, Parat exclaims. “I immediately told management that I would like to work with Radar in the future, and integrate it fully into our service delivery.”
Manhattan’s core business serves mainly small and medium-sized companies, but the company also has enterprises listed on stock exchanges in its client roster. Parat singles out two key benefits Radar has for larger customer companies. Firstly, Radar works completely in the cloud, so there’s no need to install separate software to access the Radar Security Center, which is used to manage the vulnerability scanning process. Secondly, the Radar scan nodes can be installed easily on the customers’ servers, and used to perform scans anywhere in the network.
“Radar’s customizable reports allow me to deliver useful and actionable information to our customers, which they can put to use immediately.”
“Radar’s simplicity and speed are the factors I appreciate the most”, Parat concludes. “Since the first time I tried it, I was convinced that Radar was the solution for us.”