CASE 14 · DELTA · 2024
Vulnerability management that scales to two hundred accounts.
A healthcare ISV ran 200 production AWS accounts across customer-isolated environments. Their vuln management was a quarterly export from Inspector, manually triaged in a spreadsheet by one person, with a P0-to-patch median of fourteen days. We rebuilt it as a continuous workflow with a sub-72-hour P0 SLA.
Healthcare ISV
SECURITY
2024
RESULTS
What changed, by the numbers.
P0 TIME-TO-PATCH
14d → 56h
COVERAGE
100%
JIRA NOISE
−70%
AUDIT TIME
−92%
HOW IT WENT
The first audit gap was straightforward: only a third of the EC2 fleet had SSM Agent running, and the EKS clusters weren’t in Inspector at all. The quarterly export missed the workloads that mattered most because they weren’t being scanned.
We enrolled the full fleet in Inspector and SSM. ECR enhanced scanning caught container vulns at push time. Security Hub aggregated findings across accounts via the delegated administrator pattern. EventBridge routed critical findings straight to Jira with the patch runbook attached.
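The Security Hub to Jira hop is where the noise reduction happens, so here is an added illustration of that step. It is not the engagement's code: the event pattern uses the documented EventBridge source and detail-type for Security Hub, the finding fields follow the AWS Security Finding Format, and everything else (grouping one ticket per account and CVE, the runbook URL, the 72-hour due date counted from first observation, and the sample event with placeholder account, instance and CVE identifiers) is an assumption made for this example.

```python
"""Added illustration, not the engagement's code: filter Security Hub findings the
way the EventBridge rule does, then collapse them into one Jira-bound ticket per
(account, CVE) with a 72h due date. Finding field names follow ASFF; the grouping
rule, runbook URL and SLA arithmetic are assumptions for this example."""
from datetime import datetime, timedelta

# EventBridge event pattern for the rule. source / detail-type are the documented
# Security Hub values; the detail filter keeps only CRITICAL, NEW, ACTIVE findings so
# Jira only ever sees P0 work. A list means "any of these"; nested keys are ANDed.
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {
        "findings": {
            "Severity": {"Label": ["CRITICAL"]},
            "Workflow": {"Status": ["NEW"]},
            "RecordState": ["ACTIVE"],
        }
    },
}

P0_SLA = timedelta(hours=72)                                # assumed SLA
RUNBOOK_URL = "https://runbooks.example.internal/p0-patch"  # hypothetical link


def matches(event, pattern):
    """Minimal EventBridge matcher: pattern leaves are lists of allowed exact
    values; an array in the event matches if any of its elements does."""
    if isinstance(event, list):
        return any(matches(e, pattern) for e in event)
    if isinstance(pattern, list):
        return event in pattern
    if isinstance(pattern, dict) and isinstance(event, dict):
        return all(k in event and matches(event[k], v) for k, v in pattern.items())
    return False


def _parse(ts):
    """ISO-8601 with a trailing Z (the ASFF timestamp form) to aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def triage(event, now_iso):
    """Turn one Security Hub event into Jira-bound tickets: one per (account, CVE)
    rather than one per instance, each listing the affected resources, the runbook
    and the due date counted from the earliest FirstObservedAt in the group."""
    if not matches(event, EVENT_PATTERN):
        return []
    tickets = {}
    for f in event["detail"]["findings"]:
        # a batch can mix severities; re-check each finding against the filter
        if not matches(f, EVENT_PATTERN["detail"]["findings"]):
            continue
        for vuln in f.get("Vulnerabilities", []):
            t = tickets.setdefault((f["AwsAccountId"], vuln["Id"]), {
                "account": f["AwsAccountId"],
                "cve": vuln["Id"],
                "resources": [],
                "first_seen": f["FirstObservedAt"],
                "runbook": RUNBOOK_URL,
            })
            t["resources"].extend(r["Id"] for r in f["Resources"])
            t["first_seen"] = min(t["first_seen"], f["FirstObservedAt"])
    for t in tickets.values():
        due = _parse(t["first_seen"]) + P0_SLA
        t["due"] = due.isoformat()
        t["overdue"] = _parse(now_iso) > due
    return sorted(tickets.values(), key=lambda t: (t["account"], t["cve"]))


def _finding(fid, resource, cve, label, status, first):
    """Build a constructed ASFF finding; the account and ids are placeholders."""
    return {
        "Id": fid, "AwsAccountId": "111122223333", "ProductName": "Inspector",
        "Severity": {"Label": label}, "Workflow": {"Status": status},
        "RecordState": "ACTIVE", "FirstObservedAt": first,
        "Resources": [{"Type": "AwsEc2Instance", "Id": resource}],
        "Vulnerabilities": [{"Id": cve}],
    }


# Constructed sample event: two instances with the same placeholder CVE collapse to
# one ticket, a HIGH finding is not P0, a SUPPRESSED one is accepted risk.
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        _finding("f-1", "i-0aaa", "CVE-0000-0001", "CRITICAL", "NEW", "2024-05-01T08:00:00Z"),
        _finding("f-2", "i-0bbb", "CVE-0000-0001", "CRITICAL", "NEW", "2024-05-01T06:30:00Z"),
        _finding("f-3", "i-0ccc", "CVE-0000-0002", "HIGH", "NEW", "2024-05-01T09:00:00Z"),
        _finding("f-4", "i-0ddd", "CVE-0000-0003", "CRITICAL", "SUPPRESSED", "2024-05-01T09:00:00Z"),
    ]},
}

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_EVENT, "2024-05-03T00:00:00Z"), indent=2))
```

Two design points worth keeping when adapting this: re-check each finding inside the batch, because EventBridge matches the rule if any element of `detail.findings` matches and the Lambda still receives the whole array; and key the ticket on the vulnerability plus account, not the finding id, or every instance that shares a base AMI opens its own ticket.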
P0s now ship a patch in under three days, median. The triage spreadsheet got deleted. The person who used to maintain it is now running threat modelling sessions instead. Auditors generate their own evidence from Audit Manager in two hours, not two weeks.
READY WHEN YOU ARE
Let's get your AWS bill (and architecture) in order.
The discovery call is free. You walk away with at least one concrete idea — even if we never work together.