Client Overview
One of the nation’s largest furniture retailers operates hundreds of showrooms and a major ecommerce platform, generating $2.4B in annual revenue. With a footprint that includes 314 internet-facing assets and 97 external targets, the company needed to ensure strong protection for its online systems while supporting continuous customer transactions.
The Challenge
Scaling External Vulnerability Management Across Teams
As the retailer's digital presence grew, so did its external attack surface. Different teams used different tools, and visibility varied across departments. When the company hired a new Associate Security Analyst, one of his first tasks was to evaluate the tools in use and how external risk was being tracked.
The organization faced several challenges:
- Multiple teams (security, AppDev, infrastructure) needed access to vulnerability data
- Existing tools either provided too much unstructured information or too little useful detail
- The security team was under pressure to show measurable risk reduction quickly
- PCI-related vulnerability management needed ongoing oversight
- Remediation teams needed clear, actionable technical details—not vague scan results
- The process of handing issues off to other teams often slowed down remediation
The retailer needed a platform that delivered clarity, accuracy, and collaboration.
The Solution
Clear Findings, Targeted Dashboards, and a Partner Who Responds Quickly
The retailer has relied on Halo in various forms since 2014. Today, Halo plays a central role in external attack surface management, offering several capabilities that stood out to the analyst:
- Vulnerability details that make handoffs effortless. Teams receive exactly the context they need—from technical specifics to remediation guidance—without extra digging. "I've never had AppDev come back asking for more details. Everything they need is right there," the company's Associate Security Analyst shared.
- Dashboards that simplify management. Instead of giving every user the full platform, the analyst can build tailored dashboards so each group sees only what matters to them. "It makes everything much more streamlined when multiple teams are involved," he noted.
- Support that actually feels like a partnership. Halo's responsiveness sets it apart from other EASM suppliers, the analyst noted. "Whenever we need clarification or run into a challenging vulnerability, Halo replies quickly—often within hours—with answers, validation, or confirmation of false positives. Their communication and service are excellent," he explained.
The Results
Through focused use of Halo's platform and guidance, the retailer has achieved several meaningful outcomes:
- Their external risk score has dropped dramatically. "After just a few months of working with Halo, we cut our risk score in about half. Halo's platform has really helped us strengthen our security posture," he stated.
- Hidden, unmanaged assets were discovered and retired. "Halo's platform found a website our company didn't realize it still owned. Decommissioning it reduced our risk exposure and cut unnecessary costs," he shared.
- Remediation moves faster and with far fewer roadblocks. He explained, "Because Halo provides deep, actionable context for each vulnerability it identifies, our AppDev and engineering teams can resolve issues quickly and efficiently."
- The team feels prepared for future PCI reviews. Halo's platform and the ongoing visibility and consistent findings give the furniture company confidence in its audit readiness.
The Halo Difference: Usability With Real Depth Behind It
The Analyst summarized, "One of Halo's biggest benefits is that they deliver the right level of information to every stakeholder, from engineers to executives. Platforms usually either overload users with raw data or look slick but lack depth. Halo strikes a perfect balance, offering clarity and completeness to ensure fast, efficient resolution." He continued, "Their custom dashboards and reports are great and make it easy to present security posture reports to leadership and technical reports that help us stay organized and respond quickly."
