Fortune 500 Bank Looking to Reduce Complexity Across a Siloed Security Tool Set


Download Case Study

The Situation – Needing an outside perspective to accelerate digital transformation


The director of security infrastructure of a large U.S.-based financial institution was experiencing a digital transformation effort that was pushing the organization to the cloud, but the director’s many existing security tools (80) were getting in the way of necessary change. Being newly promoted in the organization, the director needed to get a better understanding of the technology stack and how the tools were being used to decide which tools to keep. This caused conflicts between internal teams and required significant resources. Facing an expected three-year project timeline, the director chose Optiv to perform this analysis to remove the possibility of internal politics, lack of focus/priority and to ensure as much impartiality to the project as possible. 


Solution – Tools rationalization assessment helps identify integrations, gaps and consolidation roadmap


Optiv designed an engagement focused around three key objectives: identify which tools were best for the client’s security and strategy, minimize the complexity of the technology stack and work across departments and teams to understand the requirements of all stakeholders.


The first step in Optiv’s Technology Consolidation and Rationalization solution included a discovery workshop with client SMEs to learn more about the existing security technology landscape. How the client was using the tools sparked a conversation about how other industry peers were leveraging these same tools. 


Next these tools were mapped against a proven security model, the MITRE ATT&CK framework and Optiv’s security controls map, which were used to analyze the tool set to identify potential integrations, gaps in control areas and areas for improvement, both functional and technical. This effort would show if multiple tools in the same category existed, to prompt an effort to determine the right tool moving forward. 


Lastly, a security roadmap for tool consolidation and security controls improvements and recommendations was provided to the client that helped the director execute on a cloud strategy. Optiv executed the engagement promptly and finished the project in five months.

Industry Served: Financial Services

What Client Purchased

  • Technology Consolidation and Rationalization with Subject Matter Expert Evaluation (Level 2)
  • Industry Framework Mapping (MITRE ATT&CK)
  • Security Technology Strategy Recommendations and Roadmap

Optiv's Actions

  • Mapped tools to Optiv’s controls map to determine Optiv and client subject matter experts (SMEs)
  • Performed discovery workshops with a focus on each control area with Optiv and client SMEs
  • Analyzed gathered information to build out potential integrations between tools, gaps in control areas and areas for improvement, both functional and technical
  • Developed a roadmap for consolidation and improvement of the control’s coverage with short-, mid- and long-term recommendations

Client Outcomes

  • Security controls were mapped and aligned to the MITRE ATT&CK framework providing a quick assessment of security risk/exposure
  • Key deliverable included a prioritized security roadmap with short- and long-term projects aligned to benefits, risks and security outcomes (consolidation, controls/process improvements, etc.)
  • Client benefited from the external/unbiased advice, consultation and feedback they received from a security provider experienced in working across thousands of client environments
  • Project was wrapped up in 5 months, opposed to the estimated 3 years if done internally

Download a printable version of this case study for more details


How can we help you secure greatness?


Optiv can advise on, deploy and operate end-to-end cybersecurity programs aligned to your business goals. As the cyber advisory and solutions leader, we serve nearly 6,000 companies across every major industry. Our certified experts can help you gain the agility, security, scale and control you need to stay ahead of the competition.