What's new in Cogent: Multi-tier system ownership. Read about it here
CSC Generation Drives Toward VM Autonomy with Cogent
How a multi-brand retail operator scaled its security program across a growing portfolio of acquisitions without adding headcount
3 hours
from onboarding to full vulnerability assessment
100%
of vulnerabilities managed autonomously
5 min
to generate executive reporting by brand
The Customer
CSC Generation is a multi-brand retail operator that acquires and modernizes consumer brands. The company owns and operates well-known retail, e-commerce, and wholesale businesses, including Sur La Table, One Kings Lane, and Backcountry. CSC uses AI and automation to streamline the operations of the companies it acquires, from merchandising to supply chain, helping new acquisitions become more profitable.
"AI already powers how we buy and integrate brands. Our approach to cybersecurity has to match that. With Cogent, security can run on autopilot, and we keep our team focused on product and integration work."
Justin Yoshimura
CEO, CSC Generation
The Challenge
Each time CSC acquires a new brand, it inherits a different set of systems, security tools, and tech debt. Once a newly acquired brand standardizes on CSC's production systems, CSC assumes the risk and responsibility of securing customer data. Managing vulnerabilities across all of those different environments, teams, and tools is where things broke down.
The security team was lean. They were expected to reconcile assets, map owners, route tickets, and track SLAs manually across multiple brands and divisions. Applying patches pulled IT and developers off brand integration projects, and the volume of findings grew faster than the team could process.
Without a unified inventory, CSC couldn't tell which findings mattered first or who owned them. Overlapping scanner and cloud exports, lack of a CMDB, and inconsistent tagging all delayed prioritization and remediation.
Leadership needed brand-level and division-level rollups showing Critical and High risks on defined timelines, with verification evidence and owner accountability. Those views were built manually, became outdated as soon as they were created, and couldn't scale with the acquisition cadence.
"Every acquisition adds more infrastructure and more exposure. We needed security operations that could scale at the same rate we acquire companies, without hiring a bigger team every time."
Justin Yoshimura
CEO, CSC Generation
The Solution
CSC deployed Cogent's AI-native vulnerability management platform to run the full VM lifecycle across brands. Cogent manages CSC's assets in real time, building a single, live inventory across all data sources. It maps each asset and finding to an accountable owner and prioritizes vulnerabilities based on business impact.
"We connected Cogent and had a full picture of our environment within 3 hours. For a company that runs on speed, that's exactly what we need from a security tool."
Justin Yoshimura
CEO, CSC Generation
From there, Cogent drafts remediation plans. Standard fixes can run automatically from approved playbooks, and exceptions are routed to the IT team for review and approval. The IT team maintains oversight to review exceptions and edge cases escalated by Cogent's agents, and to refine system guardrails.
Actions are logged with evidence for a full audit trail. Predefined risk thresholds and change windows are applied, rollback steps are established, and accuracy is monitored continuously and improved over time. Cogent keeps tickets and records in sync so SLA tracking is reliable.
Leadership now has on-demand views that roll up Critical and High vulnerabilities, SLA status, and key trends across the environment.
The Results
Because of Cogent, CSC Generation keeps pace with the accelerating scale of its brand portfolio without adding headcount. Remediation runs smoothly, compliance stays on track, and the business moves faster.
Within three hours of onboarding, Cogent completed full asset discovery and vulnerability assessment for the Sur La Table brand. That kind of time-to-value matters when you're integrating new companies on a regular cycle.
Vulnerabilities are now remediated in a timely fashion, with minimal manual overhead. The security team focuses on exceptions, not routine fixes.
Executive reporting that used to require hours of manual assembly now takes five minutes. Leaders get live rollups by brand in a single tool, with the visibility they need to make decisions about risk across the portfolio
“We could not have achieved these results for our security program without Cogent. The level of autonomy in the solution has allowed us to stay secure without growing headcount, and protects us against the number one cause of breaches.”
Justin Yoshimura
CEO, CSC Generation
