Case Study

Moving to proactive security stance management

Silk allows us to analyze vulnerabilities, raise service tickets to the appropriate individuals and teams, and gain a complete picture of vulnerabilities across our environment. Silk helps to reduce the operational load on our security team, while at the same time improving the efficiency of the vulnerability management process - from prioritization to remediation."

– Eric Zematis, CISO, Lehigh University

Lehigh University (LU) is a private research university in Bethlehem, Pennsylvania. The university was established in 1865, and serves around 8,000 students.


Identify prioritized risks and enable collaborative risk remediation  

  • Maintain a proactive approach to security posture 
  • Minimize risk exposure window by reducing time between notification and remediation
  • Incorporate asset risk context to drive prioritization of security findings
  • Enable collaboration, communication between security and system owners responsible for fixes
  • Automate process to raise tickets, communicate with fixers and centrally track remediation status  
  • Consolidate scanning tools to reduce spend, retire overlapping tools


Transition from collecting information to reducing risk 

The security team defined a scoped strategy and metrics for remediating critical vulnerabilities on Internet-facing assets, with the intent to reduce the highest risk to the university’s IT infrastructure. 

As a component of the execution of the strategy, the team deployed the Silk Security platform, with integrations into multiple vulnerability and exposure detection tools, and ticketing systems. The security team set out to scope assessment on a specific set of assets, identify asset owners and provide fix information through existing workflows to facilitate more effective remediation. In order to focus assessment, the team used Silk to supplement findings categorization with asset profiles and prioritization rules based on business and environmental context labeling.


Security Efficiency

Reduced time spent on assessment by 80% with findings consolidation and de-duplication across tools

Repeatable Prioritization Scoping

Reduced reduced workload for system administrators by 75% through risk-driven assessment of findings, based on prioritization rules specific to Lehigh’s environment

Automated Remediation Process

Reduced time spent on fix workflows by as much as 80% through ownership assignment and ticketing integrations

Enhanced Collaboration

With more clarity on what to prioritize for system owners based on risk, the security team saw 50% growth in fix implementation

Consolidated Visibility into Risk Status

In addition to reducing manual reporting processes by 90%, centrally visualize, track and monitor remediation task status

Data-driven Tool Consolidation

Facilitated 40% in tool costs, with consolidation on the CrowdStrike platform and reducing the # of licenses for overlapping tools

Want to read the full case study?