LifeLabs snapshot

LifeLabs is Canada’s leading provider of laboratory diagnostic information and digital health connectivity sys

Industry: Healthcare and Pharmaceutical

HQ: Toronto, Canada

Size: 6,500 employees, 15 million customers

How LifeLabs Manages Exposures to Drive Impactful Risk Reduction

Challenges

LifeLabs’s previous approach to vulnerability management relied on scanning for CVEs, leaving out misconfigurations, code flaws, business logic gaps, and more.

With data siloed across separate tools, the team spent countless hours on manual correlation and still lacked a complete, up-to-date view of its risk profile.

Inventorying assets was also labor-intensive and inaccurate, further contributing to gaps in LifeLabs’s understanding of its risk landscape.

Phased journey

  1. Broadened the scope of LifeLabs’s CTEM program beyond basic vulnerability identification to include critical business context, crown jewel prioritization, penetration testing results, and more.
  2. Enhanced visibility into exposures, augmenting traditional scanning with unified data from dozens of security tools and automatic deduplication, correlation, and contextualization of sources through the Zscaler Data Fabric for Security.
  3. Prioritized which vulnerabilities to fix first based on LifeLabs’s unique business logic, risk factors, and mitigating controls.

Results

Reduces risk through targeted, effective actions that focus on assets and risks most pertinent to their operations, avoiding the inefficiencies caused by treating all vulnerabilities equally.

Maximizes effectiveness of cybersecurity efforts through a sophisticated prioritization framework that emphasizes exploitability and business impact over traditional criticality scores.

Stronger stakeholder engagement and mobilization through clearly communicated, prioritized remediation plans grounded in a common language for business risk.

Mike Melo

CISO and VP of IT Shared Services, LifeLabs
With Zscaler, we've been able to maximize our ROI and our CTEM journey tenfold. We've ultimately done and accomplished way more in the past two years than we have in the last seven with our vulnerability management CTEM journey.

We can take in all these inputs, contextualize the prioritization, and get a holistic view that is actionable that also takes into account our mitigating controls… UVM is magic for us.

Mike Melo, CISO and VP of IT Shared Services, LifeLabs

Executives ask: ‘How secure are we? Right now, today?’ To have something like UVM that is dynamically trustworthy allows me to answer that question. I can, at any given time, provide an up-to-date, real-time readout on where our risk is.

Mike Melo, CISO and VP of IT Shared Services, LifeLabs

Previous CAASM tools lacked the policy management features we needed to pinpoint risky or non-compliant assets [...] we expect to save hundreds of hours of manual work, and because it’s built on the Zscaler Data Fabric for Security, which is already serving our exposure management program, we’ll see value in just a week, with no extra effort required.

Mike Melo, CISO and VP of IT Shared Services, LifeLabs

Customer Case Study

LifeLabs is the largest medical laboratory diagnostic company in Canada, with 370 locations servicing over 15 million customers, providing actionable intelligence through health information analytics that empower customers to take their health outcomes into their own hands and live healthier lives.

Mike Melo, CISO and VP of IT Shared Services at LifeLabs, joined the company in 2018 and has witnessed significant transformation since coming on board. “We are a heavily regulated organization with different privacy mandates across the board,” Melo explains. “We want to be at the forward charge of cyber security practices in healthcare. Healthcare organizations across the globe are increasingly targeted by adversaries due to the sensitive nature of public health information (PHI) we manage. We want to do right by our customers to ensure that we are ultimately holding their information and custodianship in the most secure practice as possible.”

Melo has led the charge with various stakeholders to address the challenges of vulnerability management (VM) while staying strictly in alignment with industry standards and regulatory requirements. The traditional approach of scanning for CVEs was not working. “We needed to get to a place where my team and I could truly map business contextualization into vulnerabilities and drive risk-rated outcomes, and move that needle down based on what is truly exposing us.” 

This push led Melo to engage with Avalor, which has since been acquired by Zscaler and rebranded as Zscaler Unified Vulnerability Management (UVM). Zscaler UVM ingests traditional vulnerability findings, exploitability feeds, and dozens of other findings and business context. It then correlates and enriches the information to create a prioritized, contextualized list of actions needed to reduce risk.

“One of the biggest areas I wanted to act on was pen test results. I want those efforts not in a silo but integrated into our VM management program. With UVM, we can take in all these inputs, contextualize the prioritization, and get a holistic view that is actionable that also takes into account our mitigating controls. Zscaler UVM is just kind of magic for us.”

UVM provides risk calculations that combine factors that increase and decrease priority, and customers can refine and change the weighting of the factors that create the risk score. Melo loves the ability to change the factors and weighting.

“Some of our data isn’t perfectly reliable, and UVM lets us modify the math in the tool, which is powerful. I don’t have to muck around doing any reporting outside of the platform, and that’s been game changing.” 

LifeLabs has used Zscaler UVM to focus on understanding the risk associated with crown-jewel applications. That’s entirely changed how security and the business teams interact. “Now we can go to the business and have a conversation about seeing risk elevate for their crown jewel app, and we can make the case that we need some changes—maybe some different maintenance windows, or rethink a business process, or maybe do more training because the risk score is going up because your users are failing on phishing campaigns. We’re able to broker conversations with the business that are way more meaningful.”

Zscaler UVM is also helping Melo improve reporting to the board. He’s customized more meaningful metrics into the platform to show cybersecurity performance, with risk scores tied to business context in real time. “Executives ask: ‘How secure are we? Right now, today?’ To have something like UVM that is dynamically trustworthy allows me to answer that question. I can, at any given time, provide an up-to-date, real-time readout on where our risk is.”
