Crisp: Secure From the Start

Internet child-safety services and software provider builds comprehensive and automated vulnerability management program to ensure the security of its growing operations.

It’s nearly impossible to think of any task that’s more critical than protecting the safety of children. Unfortunately, it seems that nearly every day there are headlines about children being approached online, or even abducted as a result of connections made through websites, virtual worlds, or instant messaging conversations. Fortunately, while technology helps enable predators, it also can be used — and increasingly so — to find and stop them. That’s where UK-based Crisp Thinking steps in, having developed the world’s first anti-grooming engine that spots and flags potentially dangerous conversations between children and online predators. When Crisp detects a potential grooming conversation, it will alert parents by e-mail or text message. And to ensure young people’s privacy, the software sends only parts of the conversation it deems potentially dangerous.

Crisp: High Level of Infrastructure Security and Integrity Are Crucial

Because Crisp works so closely with law enforcement and Internet service providers, the security of its infrastructure is crucial. “The nature of our work is very sensitive; since we work so closely with many major ISPs, we have to ensure that we comply with their vigorous security practices as well,” says Mark Steer, Crisp Thinking’s general manager in the UK.

To keep its systems secure, Crisp employs all of the technologies one would expect, such as anti-malware, firewalls, and access controls, and enforces tight security policies. A central role of its security program is putting into place a comprehensive vulnerability management program. “As a new company, we needed to build our security and risk management program from scratch,” explains Steer. “That includes having some level of third-party validation of our security posture,” he says.

In order to assure security of its business-technology systems, which consist of a few dozen Windows 2003 servers in addition to several dozen Linux servers, Crisp needed to find a fully automated and accurate way to baseline the security status of these systems and find and prioritize any potential vulnerabilities.

Qualys: Accurate Security Checks, Actionable Reporting for Quick Remediation

While in search of a vulnerability and risk management solution, Steer learned that Qualys makes available a 14-day free test drive of Qualys. “As soon as we started into the trial, we realized how effective and accurate it was,” Steer explains. “That’s when we decided to choose Qualys.”

That reaction to the first introduction to Qualys is not unusual. Without requiring any servers or software to deploy and manage, Qualys is installed quickly and enables organizations of all sizes to reduce their risks and streamline security and regulatory compliance policy management in a single platform. In fact, Qualys automates the process of vulnerability management and policy compliance throughout an organization’s IT infrastructure. It also provides streamlined network discovery and mapping, asset prioritization, vulnerability assessment reporting, and remediation tracking according to actual business risk. Also, Qualys’ policy compliance features allow security managers to audit, enforce, and document compliance with internal security policies as well as external regulations.

The Results: Reduction of Risk Through Highly Automated and Proactive Controls

The flexibility of Qualys’ on-demand Web delivery and management model makes it possible for Crisp to set up routine automated vulnerability assessments that periodically examine segments of its infrastructure. Today, Crisp automatically scans its systems every day, so that they’re always up to date. “We check daily, and we appreciate how Qualys enables us to stay on top of our status,” Steer says.

Now, as a result of its Qualys deployment, Crisp is able to continuously discover and prioritize all networked assets. In that way, no one is caught off guard by rogue system deployments, and Steer and his team can eliminate quickly the vulnerabilities that make network attacks possible — before they become a true risk. “Because we have a new architecture, our initial scans didn’t uncover reams of vulnerabilities, but the continuous scanning by Qualys will help us to make sure we keep it that way,” he says.

Beyond the highly accurate vulnerability identification, Qualys provides the insightful reports that Steer needs to remedy potential security gaps. “Qualys’ reporting is excellent. Everyday, I get a status reports e-mailed to me so I can check the severity of the vulnerability, and the report provides enough information that I can make smart decisions about the best way to implement a fix,” Steer says.

This vulnerability and risk management foundation that Crisp’s IT team has put into motion will serve the company well while it continues its global expansion, such as its recent acquisition of US-based Internet child safety firm IMSafer. “Qualys has given us a centralized layer of control over our vulnerabilities, and that capability will become even more critical as we expand globally,” Steer says.