Securing the Perimeter

As Equifax rebuilds its technology systems and migrates its data and assets to the cloud, its security team remains focused on mitigating and managing the security risks that may arise from those services. Equifax recognizes the benefits of maintaining a team of expert security testers to detect, investigate, and help evaluate the risk of issues found on the company’s external perimeter.

With operations across the globe and services that play an essential role in the global economy, Equifax was seeking a way to map and track changes to thousands of domains and subdomains.

"This regression testing is a critical piece of defending our perimeter. Assets exposed to the external perimeter can be targeted by attackers, and this visibility is crucial when it comes to protecting our products, services, and the data entrusted to Equifax.”

– Jeremy Gillis, Senior Network Engineer at Equifax

Partnership in Real-time

Bishop Fox’s Cosmos (formerly CAST) managed service offering provides Equifax continuous testing and visibility with real-time communications from a dedicated team of security experts.

Typically, companies retain a third-party vendor to conduct a point-in-time red team test, produce a report, and then share it with the client so that response work can begin. In contrast, Equifax and Bishop Fox work closely together in real-time to leverage automation for continuous detection and response on the Equifax perimeter.

"The [Cosmos] team has been a great partner for us. We’ve been able to utilize their high-caliber skill set to add to the capabilities of our comprehensive security program.”

– Brad Trotter, Red Team Manager at Equifax

Together, Bishop Fox and Equifax collaborate to address potential threat concerns on Equifax’s attack surface. As a “second set of eyes” for Equifax, the Cosmos team demonstrates the exploits and attack vectors that Equifax can then proactively remediate the issues.

An Extension of the Team

As Equifax’s red team continued to test the company’s applications and internal and external networks, it leaned on Bishop Fox to help sift through the noise and data inputs from the security tools already in place.

The Cosmos team provided an additional layer of expert analysis to enhance the results of Equifax automated tools and used attacker techniques and custom created exploits to test Equifax’s systems. By working closely together, the teams develop a highly customized analysis of security threats to enable more effective response and to build better defenses against cyber attacks.

Equifax also granted Bishop Fox access to their bug bounty program dashboards, so that they could help verify those leads and reduce the noise from some of those systems.

"With our partnership approach, any issues identified are thoroughly investigated, escalated, and ultimately fixed before they become a problem,”

– Brad Trotter, Red Team Manager at Equifax

With Bishop Fox’s Cosmos Service, Equifax can better mitigate threats of today and tomorrow with speed and precision.

About Equifax

As a global data, analytics, and technology company, Equifax plays an essential role in the global economy by helping financial institutions, companies, employees, and government agencies make critical decisions with greater confidence. Headquartered in Atlanta and supported by more than 11,000 employees worldwide, Equifax operates or has investments in 25 countries.