Home Case Studies Lionbridge Maintaining client trust by building a resilient security program
Lionbridge de-risks cloud transformation with IBM Security Randori attack surface management and continuous automated red teaming
Woman with headphones participating in group video call

On a mission to bring the world closer by building bridges through language, Lionbridge translates billions of words daily into more than 350 languages for more than 2,100 customers who want to take their content and stories global.

Trusted by its customers to translate sensitive data every day, Lionbridge views security as an essential tenet to its success as a leading global Language Service Provider (LSP) . It’s a commitment embraced jointly by the Lionbridge Trust team and the company’s more than 6,000 employees in 24 countries.

“The largest corporations in the world trust us to get their message right and share it globally ,” says Chief Trust Officer Doug Graham. “Central to our long-term success, Lionbridge takes security and privacy very seriously. Working with sensitive information daily, we treat this information with the care and security required—it’s one of the reasons organizations choose us. From the security team to our experts, everyone at Lionbridge is committed to upholding that trust and takes security as a personal responsibility.”

Graham understands the importance of starting from a firm foundation. A proven security veteran with experience working in the natural language processing industry, he sought to turn security into a competitive differentiator for Lionbridge. 

As the company invested in and transitioned heavily to the cloud, Graham and his team needed to ensure they had a firm grasp on Lionbridge’s growing external attack surface. Primarily focused on ensuring his security team could enable new SaaS and cloud applications securely, Graham began seeking solutions that could provide visibility into Lionbridge’s evolving environments.

Looking for the ability to monitor Lionbridge’s dynamic attack surface, Graham’s team needed a low-friction solution that could easily integrate with their existing workflows. Frustrated with other tools’ high volume of false positives, they selected an attack surface management (ASM) solution that produced high-fidelity discovery results. 

Lower costs

Avoided up to USD 75,000 in annual fees to third-party services for penetration testing and vulnerability scanning.

Fewer hours

Reduced time to scan more than 12,000 external assets from months to hours.

While we had always invested in security, we wanted to ensure that our approach to asset and vulnerability management was able to evolve to address today’s cloud and dynamic environments. Getting and maintaining an external assessment of any attack surface is a critical first step forward in developing a defensive strategy. IBM Security Randori made that possible. Garrett Schubert Director of Cyber Security Lionbridge
Conducting reconnaissance

Impressed with IBM Security® Randori Recon’s unique approach of continuous asset discovery and risk-based issue prioritization from an attacker’s perspective, the Lionbridge team kicked off an evaluation. While they assessed both the quality of results and operationalization of Randori Recon, the team was able to gain immediate value by identifying key exposures.

“IBM Security Randori’s unique perspective and detailed insights into our attack surface enable us to more accurately and confidently assess, manage and report on our external risk to internal and external stakeholders," says Schubert.

By embracing Randori Recon, Lionbridge gained real-time visibility into its external risk posture. Now, as its cloud footprint changes, Lionbridge’s exposure management systems are updated accordingly.

With this clarity, the Lionbridge team streamlined their operations by deploying Randori Recon’s bidirectional integrations to map newly identified assets into their asset management solution. If Randori Recon discovers a previously unknown asset, it is flagged and investigated to improve inventory management processes going forward. From this integration, Lionbridge established a strong reporting capability around its external risk and set KPIs around attack surface trends and public cloud security. 

To drive action, Lionbridge’s vulnerability management team relied on Randori Recon’s risk-based prioritization to focus their remediation efforts, which resulted in a more efficient team dynamic. They incorporated Randori Recon’s targeted threat intelligence into their threat monitoring and investigation workflows to enrich the information available to their analysts from a single dashboard. As a result, the team uncovered workflow inefficiencies and was able to take steps to improve performance and optimize their security spend on penetration testing.

IBM Security Randori has changed the conversations I can have with my team and the executive team around risk. A rich and continuous external assessment of our attack surface has enabled me to make attack surface risk a company-level metric. We can now report confidently on the current risk exposure and demonstrate improvement over time in a way that was impossible to do before. Doug Graham Chief Trust Officer Lionbridge
Continuously validating

To move beyond the find-and-fix mentality and continue building a resilient security program, Lionbridge is integrating continuous automated red teaming (CART) into its security program by investing in IBM Security Randori Attack Targeted. By identifying the most problematic areas of their attack surface, the team can run valuable, authentic red and blue team cyberattack scenarios efficiently and at scale. 

By adopting Randori Attack Targeted, the Lionbridge Trust team validates whether tools and security processes work as expected. To begin this journey, Lionbridge partnered with the Randori Hacker Operations Center to define an organizational objective. Through this definition, and a combination of automated and human validation, Lionbridge uncovered gaps, such as misconfigured alert rules, password rotation policy issues and users who gained more permission than they needed . 

The Randori platform provides the clarity Lionbridge needs to confidently uncover exposures, action the findings and validate that mitigations are implemented as expected. Through continuous discovery and validation, the Lionbridge Trust team can validate and communicate their risk reduction efforts to the company’s board of directors, proving the return on investment of internal initiatives, such as employee awareness training and internal security control efforts.

“As a Chief Trust Officer, I want to have the confidence to tell our executive team exactly where we stand,” says Graham. “IBM Security Randori enables me to have those conversations around our attack surface and overall program effectiveness, demonstrating how we are improving the detection and incident response capabilities of our internal and managed partner teams.”

Primanti Bros. logo
About Lionbridge

Lionbridge (link resides outside of ibm.com) partners with brands to break barriers and build bridges all over the world. For over 25 years, it has helped companies connect with their global customers and employees by delivering translation and localization solutions in 350+ languages. Through its world-class platform, it orchestrates a network of passionate experts across the globe who partner with brands to create culturally rich experiences. Relentless in its love of linguistics, it uses the best of human and machine intelligence to forge understanding that resonates with its customers’ clients. Based in Waltham, Massachusetts, Lionbridge maintains solution centers in 24 countries. Learn more at www.lionbridge.com (link resides outside of ibm.com).

IBM Security Randori Recon

Manage the expansion of your digital footprint and get on target with fewer false positives to improve your organization's cyber resilience quickly.

Learn more View more case stories Randori Recon Attack Surface Management Data Sheet

Randori Recon provides a continuous view of your external perimeter to reduce the risks of shadow IT, misconfigurations, and process failures.

Read the data sheet
Testing defenses, strengthening cybersecurity

Financial services provider Greenhill continually strengthens its cyber security by using IBM Security Randori software to test its defenses as its attack surface evolves.

Read the case study
What is attack surface management?

Attack surface management helps organizations discover, prioritize, and remediate vulnerabilities to cyberattack.

Learn more

© Copyright IBM Corporation 2023. IBM Corporation, IBM Security, New Orchard Road, Armonk, NY 10504.

Produced in United States of America, September 2023.

IBM, the IBM logo, and IBM Security are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on ibm.com/trademark.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

All client examples cited or described are presented as illustrations of the manner in which some clients have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual client configurations and conditions. Generally expected results cannot be provided as each client's results will depend entirely on the client's systems and services ordered. THE INFORMATION IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

Statement of Good Security Practices: No IT system or product should be considered completely secure, and no single product, service or security measure can be completely effective in preventing improper use or access.  IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.