Morneau Shepell Secures More Than 600 Websites Without an Army of Penetration Testers

When you have to scan hundreds of web applications and identify exploitable vulnerabilities on all of them, Invicti is THE essential easy-to-use tool that provides professional reports with a clear explanation and steps to remedy them.

– Mihai Petre, Security Analyst at Morneau Shepell

Morneau Shepell, an international pension administration and benefits company, was founded in the eighties as SOBECO. The company merged with Morneau in 1995 to become Morneau Sobeco. Later in 2006 Morneau Sobeco acquired Shepell FGI to become Morneau Shepell. Today Morneau Shepell serves more than 8,000 clients, ranging from small businesses to some of the largest corporations and associations in North America.

The Need to Scan over 600 Web Applications every Month

Morneau Shepell’s websites and web applications are built with .Net framework and run on a number Microsoft IIS servers. Web applications are used by both employees and business partners to gain access to the personal accounts and information of their clients’ to make pension investments and payments.

Why did Morneau Shepell choose Invicti Web Application Security Scanner?

Prior to Invicti, the company used Nessus as their primary web application security scanner; but as Security Analyst Mihai Petre highlights:

Existing tools used for testing published websites and web applications such as Nessus are not reliable. With the ever growing number of published websites, sorting through the scan results and verifying the findings was both a frustrating and a time consuming process.

We started looking for a more efficient solution that could help us automate most of the tasks and Invicti was the obvious choice, because it automatically verifies identified vulnerabilities. Therefore our team did not need to allocate time to verify the scanner’s findings.

– Mihai Petre, Security Analyst at Morneau Shepell

Invicti Web Application Security Scanner is now being used to carry out monthly scheduled web application security scans using credentials, and also daily ones when the need arises.

We have been using Invicti for over three years at Morneau Shepell, since version 2 was released. We are very happy with Invicti and as long as they keep on updating it frequently, we will stick to it.

– Mihai Petre, Security Analyst at Morneau Shepell

Damage Limitation Ensures a Smooth Running Business

If a web application were hacked and sensitive data leaked or stolen, the company could suffer severe financial and regulatory compliance problems.

When Morneau Shepell started using Invicti three years ago, they realized that many of their websites needed improvements in mitigating SQL Injections, Cross-site Scripting (XSS) and other vulnerabilities.

Using Invicti they identified and confirmed particular cases where sites were vulnerable and quickly deployed fixes. Now, the security team is confident that their web applications are secure.

Now the scanning reports only include IIS configurations problems, detected as low alerts. Thanks to Invicti we identified and closed all critical security vulnerabilities.

– Mihai Petre, Security Analyst at Morneau Shepell

About Moreau Shepell

Established in 1966, Morneau Shepell serves more than 8,000 clients, ranging from small businesses to some of the largest corporations and associations in North America. With approximately 3,000 employees in offices across North America, Morneau Shepell provides services to organizations across Canada, in the United States and around the globe. Morneau Shepell is a public-traded company on the Toronto Stock Exchange (TSX: MSI).

Turn your security process into a success story