On a mission to bring the world closer by building bridges through language, Lionbridge translates billions of words daily into more than 350 languages for more than 2,100 customers who want to take their content and stories global.
Trusted by its customers to translate sensitive data every day, Lionbridge views security as an essential tenet to its success as a leading global Language Service Provider (LSP) . It’s a commitment embraced jointly by the Lionbridge Trust team and the company’s more than 6,000 employees in 24 countries.
“The largest corporations in the world trust us to get their message right and share it globally ,” says Chief Trust Officer Doug Graham. “Central to our long-term success, Lionbridge takes security and privacy very seriously. Working with sensitive information daily, we treat this information with the care and security required—it’s one of the reasons organizations choose us. From the security team to our experts, everyone at Lionbridge is committed to upholding that trust and takes security as a personal responsibility.”
Graham understands the importance of starting from a firm foundation. A proven security veteran with experience working in the natural language processing industry, he sought to turn security into a competitive differentiator for Lionbridge.
As the company invested in and transitioned heavily to the cloud, Graham and his team needed to ensure they had a firm grasp on Lionbridge’s growing external attack surface. Primarily focused on ensuring his security team could enable new SaaS and cloud applications securely, Graham began seeking solutions that could provide visibility into Lionbridge’s evolving environments.
Looking for the ability to monitor Lionbridge’s dynamic attack surface, Graham’s team needed a low-friction solution that could easily integrate with their existing workflows. Frustrated with other tools’ high volume of false positives, they selected an attack surface management (ASM) solution that produced high-fidelity discovery results.
Avoided up to USD 75,000 in annual fees to third-party services for penetration testing and vulnerability scanning.
Reduced time to scan more than 12,000 external assets from months to hours.
Impressed with IBM Security® Randori Recon’s unique approach of continuous asset discovery and risk-based issue prioritization from an attacker’s perspective, the Lionbridge team kicked off an evaluation. While they assessed both the quality of results and operationalization of Randori Recon, the team was able to gain immediate value by identifying key exposures.
“IBM Security Randori’s unique perspective and detailed insights into our attack surface enable us to more accurately and confidently assess, manage and report on our external risk to internal and external stakeholders," says Schubert.
By embracing Randori Recon, Lionbridge gained real-time visibility into its external risk posture. Now, as its cloud footprint changes, Lionbridge’s exposure management systems are updated accordingly.
With this clarity, the Lionbridge team streamlined their operations by deploying Randori Recon’s bidirectional integrations to map newly identified assets into their asset management solution. If Randori Recon discovers a previously unknown asset, it is flagged and investigated to improve inventory management processes going forward. From this integration, Lionbridge established a strong reporting capability around its external risk and set KPIs around attack surface trends and public cloud security.
To drive action, Lionbridge’s vulnerability management team relied on Randori Recon’s risk-based prioritization to focus their remediation efforts, which resulted in a more efficient team dynamic. They incorporated Randori Recon’s targeted threat intelligence into their threat monitoring and investigation workflows to enrich the information available to their analysts from a single dashboard. As a result, the team uncovered workflow inefficiencies and was able to take steps to improve performance and optimize their security spend on penetration testing.
To move beyond the find-and-fix mentality and continue building a resilient security program, Lionbridge is integrating continuous automated red teaming (CART) into its security program by investing in IBM Security Randori Attack Targeted. By identifying the most problematic areas of their attack surface, the team can run valuable, authentic red and blue team cyberattack scenarios efficiently and at scale.
By adopting Randori Attack Targeted, the Lionbridge Trust team validates whether tools and security processes work as expected. To begin this journey, Lionbridge partnered with the Randori Hacker Operations Center to define an organizational objective. Through this definition, and a combination of automated and human validation, Lionbridge uncovered gaps, such as misconfigured alert rules, password rotation policy issues and users who gained more permission than they needed .
The Randori platform provides the clarity Lionbridge needs to confidently uncover exposures, action the findings and validate that mitigations are implemented as expected. Through continuous discovery and validation, the Lionbridge Trust team can validate and communicate their risk reduction efforts to the company’s board of directors, proving the return on investment of internal initiatives, such as employee awareness training and internal security control efforts.
“As a Chief Trust Officer, I want to have the confidence to tell our executive team exactly where we stand,” says Graham. “IBM Security Randori enables me to have those conversations around our attack surface and overall program effectiveness, demonstrating how we are improving the detection and incident response capabilities of our internal and managed partner teams.”
Lionbridge (link resides outside of ibm.com) partners with brands to break barriers and build bridges all over the world. For over 25 years, it has helped companies connect with their global customers and employees by delivering translation and localization solutions in 350+ languages. Through its world-class platform, it orchestrates a network of passionate experts across the globe who partner with brands to create culturally rich experiences. Relentless in its love of linguistics, it uses the best of human and machine intelligence to forge understanding that resonates with its customers’ clients. Based in Waltham, Massachusetts, Lionbridge maintains solution centers in 24 countries. Learn more at www.lionbridge.com (link resides outside of ibm.com).
Legal
© Copyright IBM Corporation 2023. IBM Corporation, IBM Security, New Orchard Road, Armonk, NY 10504.
Produced in United States of America, September 2023.
IBM, the IBM logo, and IBM Security are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on ibm.com/trademark.
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.
All client examples cited or described are presented as illustrations of the manner in which some clients have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual client configurations and conditions. Generally expected results cannot be provided as each client's results will depend entirely on the client's systems and services ordered. THE INFORMATION IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.
Statement of Good Security Practices: No IT system or product should be considered completely secure, and no single product, service or security measure can be completely effective in preventing improper use or access. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.