This large insurance and wealth management company employs over 10,000 employees to serve the needs of millions of customers across Europe and North America. Because the company is one of the industry’s leading service providers, its employees receive a large volume of suspicious and malicious emails—all with the potential to compromise the company’s cybersecurity or computer systems.
Before leveraging Thirdera and ServiceNow, the response strategy for handling these potential threats relied on multiple tools and time-consuming processes that didn’t allow for a consolidated overview of all security incidents. Since grouping multiple similar emails into one actionable case was impossible, the company experienced lengthy resolution times and a lack of visibility into how long each incident took to resolve.
To develop a more effective cybersecurity strategy, the company looked to Thirdera for guidance. Under tight time constraints, we implemented a blend of ServiceNow solutions to create a robust, coordinated response for dealing with cyber incidents and vulnerabilities.
Company Profile
Size: 10,000+ employees | Industry: Insurance Services & Wealth Management | Location: Canada
The current process gave no visibility into the mean time taken to respond to incidents or the time taken to remediate each individual phishing incident.
Employees spread across multiple countries were receiving suspicious phishing emails from a wide range of scam organisations.
Reporting and analysing suspicious emails was completed within Microsoft Outlook, with time-consuming manual analysis required to identify threats.
There was no way to accurately record phishing emails and the time taken to respond to each of these.
The insurance company’s employees—spanning multiple countries across two continents—were the target of many suspicious emails from various scam organisations. The company’s processes for analysing, parsing, and enriching these phishing emails used a range of siloed, manual tools. This was not only clunky and time-consuming—it was also a potential security risk for internal and client data.
While the company had previously engaged two other firms to solve the issue, neither could achieve a successful outcome.
Thirdera was recommended as a potential vendor by ServiceNow after members of the insurance company’s digital team attended our presentation on Security Operations (SecOps) projects. Thirdera’s expertise in helping clients develop robust security response strategies and our ability to deliver within a very tight deadline made us an obvious partner for this project.
Added the company’s Director of Information Security, “We appreciated how Thirdera was able to adapt to and be professional about our unique time constraints.”
Under Thirdera’s technical and consultative guidance, the company successfully implemented several of ServiceNow’s Security Operations solutions. As a result, the company was able to deploy a strong cybersecurity strategy to effectively manage new levels of cyber risk using a blend of discovery, identification, and remediation.
Rapid Response
Visibility: Workflows for remediation allow for standard resolution practices and a comprehensive overview of all cyber risks affecting the company.
Resiliency
Efficiency
Security
Thirdera leveraged ServiceNow’s Security Incident Response (SIR) User Reported Phishing application to consolidate phishing incidents from actual attackers and simulated phishing exercises.
With Thirdera's help, the company also developed customised email aggregation rules to accelerate incident resolution times. These rules group emails based on:
Instead of completing email parsing and enrichment within separate tools, this is now achieved using ServiceNow’s Threat Intelligence application and integrations with observable enrichment tools. The observables gathered from this parsing are then sent to external tools for further analysis. Automatic email extraction also allows confirmed phishing incidents to be searched and deleted without requiring manual coordination.
ServiceNow’s Integration Hub is also used to accelerate connectivity and simplify process automation. It allows the insurance company to create an intuitive and enriched workflow that can be employed across user-reported phishing incidents—including spear phishing and malware remediation. Threat Intelligence is performed using an integration with Anomali and Cisco Secure Malware Analytics, allowing for informed decision-making. Lastly, the end-to-end workflow of each security task is managed using Flow Designer.
“Thirdera’s input, expertise, and perspectives—combined with their push to provide thought leadership to our team—have given us much more insight into the amount of spam email we are seeing,” said the company’s Director of Information Security. “We are very happy with the end result of this project and we've found the ServiceNow partner that we want to work with in the future.”
The largest pure-play ServiceNow partner in North America, Thirdera is a trusted Elite ServiceNow partner focused solely on improving and innovating the way our customers leverage the ServiceNow platform. Our experts possess authoritative capabilities and skillsets spanning the entire Now Platform. This extensive platform expertise allows us to understand our customers’ needs and deliver tailored solutions that solve business challenges.