Republic Services Enhances Security with Cosmos for Continuous Testing

• Functional Applications - Enterprise Asset Management Systems (EAM)
• Functional Applications - Inventory Management Systems

• National Security & Defense
• Recycling & Waste Management

• Procurement
• Quality Assurance

• Supply Chain Visibility
• Tamper Detection

• Cloud Planning, Design & Implementation Services
• Testing & Certification

Republic Services, a leading company in U.S. recycling and non-hazardous solid waste disposal, faced a significant challenge in ensuring the privacy of consumers and business customers across approximately 40 states. Despite having a relatively small attack surface, the company needed to ensure responsible data handling beyond just satisfying compliance needs. They required constant visibility and a thorough understanding of where threats and risks might emerge on their perimeter. The challenge was further compounded as they transitioned to the cloud, specifically Amazon Web Services (AWS), and underwent rapid changes in their IT environment and business operations. The company needed a solution that could provide continuous testing and in-depth information to secure their organization and customers effectively.

Republic Services, Inc. is an industry leader in U.S. recycling and non-hazardous solid waste disposal. The company, through its subsidiaries, provides effective solutions to make responsible recycling and waste disposal effortless for its customers across the country. Republic Services operates collection companies, transfer stations, recycling centers, landfills, and environmental services. The company has 36,000 employees who are committed to providing a superior experience while fostering a sustainable Blue Planet® for future generations to enjoy a cleaner, safer, and healthier world. As a Fortune 500 company and a utility service, Republic Services operates in approximately 40 states.

Republic Services chose Bishop Fox’s Cosmos (formerly CAST) service to gain visibility into their attack surface and to discover, analyze, and investigate security risks as they emerge. Cosmos' automated discovery process helped Republic Services quickly build out their new asset inventory, discovering subdomains and one-off webpages that were created outside of the security auditing processes. These previously unknown assets were either taken offline or added to the asset inventory for appropriate protection. Cosmos also enabled Republic Services to track emerging threats and prevent attacks in real time. With Cosmos automatically scanning for these emerging threats and a team of humans analyzing the potential impact of an attack on their operations, Republic Services gained full visibility into their risk profile. The Cosmos team regularly notified the Republic Services team of each emerging high-impact CVE and cross-referenced the new vulnerability with the mapped assets to filter out the noise of an ever-changing threat landscape.

• The implementation of Cosmos has significantly improved the overall security of Republic Services. The company has been able to tackle even minor issues before they have the possibility of creating bigger problems down the line. For instance, the Cosmos team helped Republic Services identify a server monitor for an application that was publicly exposed on the Internet. The affected software was immediately taken offline and protected within their internal networks to remediate the risk. The continuous testing offered by Cosmos has provided a strong foundation for the security of the company. As Republic Services continues its transition to the cloud and acquires new companies, the Cosmos service will continue to map any new infrastructure and provide daily support to the security team, ensuring the data and applications of the company remain secure.