Project Goals
- Protect sensitive customer data at all costs
- Benchmarking for security executive and board level conversations
- Proactively automate time intensive and error prone manual steps
Why Elevate
- Predictive visibility into ransomware, account takeover and data loss risks across the company, departments and individuals
- The only solution that helps them proactively stay ahead of threats
- Fast time to value; highly customizable
The Challenge
The organization invested significantly in security technology over the past 20 years, creating a layered-defense model to protect the organization. By any measure, the company had a world-class security organization. What they found, however, is that the more they invested in security technology, the more alerts they needed to deal with and the team still needed to chase down, stay on top of, and clean up a significant number of incidents.
This problem was particularly challenging because the different tools were often disconnected from each other. The correlation and connection between the disparate systems wasn't easy or clean. This led the security team to focus on cleanup and response to incidents, over investing in a high number of repeated, low impact events that needed to be addressed instead instead of deeply understanding their causes and preventing future incidents from occurring.
One of the goals of implementing the Elevate Security platform was to help the security team achieve a goal of becoming more proactive by getting in front of incidents. Being proactive would mean more time spent on protecting the organization’s sensitive financial data of its customers and implementing strategic security improvements.
As a global financial services company, the organization is responsible for securing hundreds of millions of customer records. At an average cost of $388 per record paid out in a recent financial industry breach, the organization recognized that the cost of a potential breach would be significant.
The Solution
Moving From Reactive To Proactive
The reality of having to deal with a constant stream of alerts has forced many organizations into a very reactive approach with a heavy focus and investment on the detect, response and recovery sides of the NIST Cybersecurity Framework. The team realized that these efforts, while useful, had two major issues:
- They weren’t using the learnings from these alerts and incidents to protect their organization
- They weren’t addressing the root cause of the incidents
This led to a partnership with Elevate Security. In two weeks Elevate had ingested data sets across their identity platform, email security gateway, web gateway, endpoint and endpoint management solutions to build organizational, department and individual risk profiles based on the actions users took, the access they have, how frequently they are attacked and the controls in place to give deep visibility into their organizational risks around ransomware, account takeover and data loss.
The Key Success Metrics - Reducing Incidents
At the beginning of the partnership, the key success metric identified by the team was an organization-wide reduction in bad user actions that led to incidents. Elevate was very quickly able to benchmark the organization's current state and together we began to drive improvements in all areas we focused on. Below is a sample of the types of issues we’ve seen across this customer and others like them:
- 82% reduction in malware/ransomware and account takeover incidents
- 55% improvement in risky security decisions being made
- 47% increase in the detection of attacks targeting employees
Building Business Workflows
Due to the disconnected tools this organization was using, there were many manual steps that Elevate Security could orchestrate for them using Elevate's policy risk engine.
The core of this work fell into three categories:
- Automated notifications to employees, managers and the security team around current and emerging risks to them and the organization
- Sharing user risk intelligence with other systems to enable better decision making of security team analysts and other systems like identity solutions
- Tailoring application controls and policies based on workforce risk profiles to build precision policies based on an individual’s risk
Benchmarking To The Board
Elevate helped the security team shine in their Board communications. With deep visibility across key business risks, internal and external benchmarking and beautiful dashboards and reports, the team now has a key tool in their arsenal when presenting their journey.
The biggest compliment any partner can get is that we’ve helped them look good internally with the Board, their executives and their users. That plus real metrics showing a decrease in risk is a beautiful union.