Customer Story

How Northwestern Mutual reduced threat investigation time from 24 hours to minutes with VMRay

Explore how Northwestern Mutual, a large American financial services organization, combats complex threats in a highly regulated environment.


THE CHALLENGE: Increasing volumes of malware and phishing threats.
THE SOLUTION: Implemented VMRay for advanced malware analysis, incident response, and threat intelligence gathering.
THE IMPACT: Reduced threat investigation time from 24 hours to just minutes.

THE CHALLENGE: Relying on free sandbox tools and their EDR solution left gaps in accuracy and depth of analysis.
THE SOLUTION: Leveraged VMRay’s hypervisor-based sandboxing to detect and analyze evasive threats with precision.
THE IMPACT: Improved detection accuracy, minimizing false positives and enhancing trust in investigation results.

THE CHALLENGE: Manual submissions and lack of automation slowed down their response workflow.
THE SOLUTION: Integrated VMRay with ThreatConnect for real-time threat intelligence.
THE IMPACT: Enabled proactive threat hunting and faster, more efficient incident response.

THE CHALLENGE: Ensuring data privacy and compliance with US regulations was critical.
THE SOLUTION: Chose VMRay for its strict data privacy controls and secure cloud and on-prem deployment options.
THE IMPACT: Gained confidence in data protection while enhancing cybersecurity capabilities.

Introduction: A trusted leader in financial services faces increasing cyber threats

Northwestern Mutual is a renowned leader in the financial services industry, serving millions of customers with comprehensive financial planning and insurance solutions. With this responsibility comes the challenge of protecting vast amounts of sensitive customer data from constantly evolving cyber threats.

As a company operating in a highly regulated sector, safeguarding information isn’t just about compliance—it’s about maintaining trust and operational continuity.

“We’re always on high alert given the nature of the financial services industry. Threat actors are continuously developing new techniques, and we need to stay one step ahead.”

 

Chris King, Senior Director – Cyber Threat Operations

The search for a robust threat analysis platform led them to VMRay, a decision that has proven transformative for their security operations.

The Challenge: Navigating complex threats in a highly regulated environment

Operating in the financial services sector presents unique cybersecurity challenges. Regulatory requirements demand strict data privacy and security measures, and the sensitivity of customer data makes the industry a prime target for cybercriminals.

“Data privacy is a critical consideration for us. We needed a platform that ensured data control and compliance with U.S. regulations while providing the best possible investigative capabilities.”

 

Chris King, Senior Director – Cyber Threat Operations

Northwestern Mutual’s security operations team faced several challenges:

  • Data Privacy and Storage: Ensuring compliance with U.S. regulations meant that data storage locations and usage needed strict control.
  • Evasive Threats: The company was bombarded with sophisticated malware and phishing attacks, including macro-enabled documents and malicious links.
  • Limited Analysis Tools: Prior to adopting VMRay, the team relied on disparate sandboxing tools and their existing EDR platform. These solutions often missed nuanced threats, and analysts struggled to find actionable insights. Having the best-of-breed solution for investigation and analysis was a strategic necessity.

“We had skilled analysts who could tell when the platform was missing something. Our focus was on accuracy and speed—we needed a solution that could deliver both.”

 

Chris King, Senior Director – Cyber Threat Operations

Before selecting VMRay, the team conducted a rigorous head-to-head comparison of multiple threat analysis platforms, including free tools, commercial solutions, and those bundled with their EDR tool. Their evaluation was based on several key criteria critical to a mature SOC like Northwestern Mutual’s:

  • Detection Accuracy: VMRay’s hypervisor-based sandboxing provided unparalleled visibility into advanced threats, consistently detecting evasive malware and phishing techniques that other solutions missed.
  • Speed & Efficiency: The platform delivered rapid, in-depth analysis, allowing the team to triage threats faster and minimize false positives—reducing manual workloads and improving overall efficiency.
  • Data Privacy Assurance: Given the strict regulatory requirements in the financial sector, VMRay’s compliance with U.S. data privacy standards was a key differentiator, ensuring full control over where and how sensitive data was stored and processed.
  • Ease of Deployment and Use: Unlike other solutions that required extensive tuning or complex integrations, VMRay’s intuitive interface and streamlined deployment made it easy for analysts to adopt and integrate into their workflows.

 

VMRay emerged as the clear winner, excelling across all these categories and quickly becoming an indispensable tool in Northwestern Mutual’s security operations.

“VMRay gave us confidence not just in data privacy but in investigative depth. It’s the most used tool in our security organization—every single day.”

 

Chris King, Senior Director – Cyber Threat Operations

The Solution: VMRay for Context-driven Threat Intelligence and Proactive Threat Hunting

Northwestern Mutual selected VMRay for its hypervisor-based approach to sandboxing, which provides complete evasion resistance and unparalleled precision in malware analysis. This decision marked a turning point for the company’s cybersecurity strategy and played an important role in ensuring SOC maturity, which is described as “world-class” by external audits.

Initially deployed for malware detonation, VMRay’s use quickly expanded to support threat intelligence, threat hunting, and incident response teams.

Chris describes the platform as the source of truth for investigations:

“VMRay allows us to start from a point of known good data. From there, we can pivot to other tools and platforms with confidence.”

 

Chris King, Senior Director – Cyber Threat Operations

Key features that made VMRay indispensable included:

  • Data Privacy Assurance: VMRay’s data storage (US-based data centers) and data usage (no sharing of data with any third parties) ensured compliance with strict regulatory requirements, a criterion the company treats as a deal-breaker before a product is even considered.
  • Versatility of analysis capabilities: The ability to analyze different types of threats across different types of operating systems provided a comprehensive investigative framework.
  • The “Phishing” Sandbox: The capability to safely detonate and investigate phishing emails and URLs was crucial given the volume of phishing emails targeting the organization.

“Not everyone’s going to be comfortable using VirusTotal or other investigative tools. But everyone feels comfortable using VMRay. That’s a success story in itself.”

 

Chris King, Senior Director – Cyber Threat Operations

Expanding Use Cases and Integrations

As the team grew more familiar with VMRay, its use expanded beyond the initial malware detonation use case. The platform became a cornerstone for various cybersecurity functions, including:

  1. Incident Response: The incident response team uses VMRay to validate and enrich alerts, and investigate potential threats.
  2. Threat Intelligence: The platform integrates seamlessly with ThreatConnect, Northwestern Mutual’s threat intelligence platform, providing real-time data enrichment.
  3. Threat Hunting: Proactive threat monitoring and investigation became more efficient with VMRay’s advanced capabilities.

“We monitor adversary infrastructure, like domain registrations linked to threat actors such as Scattered Spider. VMRay helps us interact with these sites in real time, pulling valuable data to determine if they’re part of an adversary’s infrastructure.”

 

Chris King, Senior Director – Cyber Threat Operations

Automation is another area where VMRay has proven invaluable. The team is working on integrating the platform with ServiceNow to automate threat analysis workflows and eliminate the manual submission process.

Driving results: Faster detection and improved operational efficiency

The adoption of VMRay has led to measurable improvements in Northwestern Mutual’s cybersecurity operations:

Reduced Investigation Time:

The ability to swiftly detect and analyze threats has revolutionized the company’s threat response process. With VMRay’s accurate and comprehensive analysis, and the automated workflows that Chris’ team deployed, the team can quickly validate and enrich alerts and investigate threats, reducing the time spent on manual investigations. 

This efficiency has directly impacted their containment metrics.

“We’ve gone from over 24 hours to just minutes for detection, with most investigations completed in under an hour.”

 

Chris King, Senior Director – Cyber Threat Operations

Enhanced Threat Intelligence:

By integrating VMRay with ThreatConnect, Northwestern Mutual can access real-time data, enriching their threat intelligence operations with deep insights and context around the threats. This integration provides insights that enable the team to track threat evolution and perform retrospective analyses. 

The capability to uncover connections between threat actors and campaigns has proven invaluable. The integration with ThreatConnect allows the team to pull real-time data and insights.

“VMRay often identifies threats before they’re formally attributed to a specific threat group, giving us a critical head start. Understanding the connections between threat actors, groups and TTPs helps us improve SOC effectiveness.”

 

Chris King, Senior Director – Cyber Threat Operations

Proactive Threat Hunting:

The platform’s advanced capabilities, offering both automated and interactive analysis, have empowered the team to move beyond reactive defense strategies. VMRay enables the fast analysis of adversary infrastructure, helping analysts track and identify emerging threats.

This agility is crucial in countering sophisticated actors who quickly spin up and dismantle phishing campaigns.

“VMRay helps us stay ahead by interacting with sites quickly and pulling actionable data.”

Chris King, Senior Director – Cyber Threat Operations

Next steps in expanding the value to further use cases:

Automation is another area where VMRay has proven invaluable. After extensive hands-on use and gaining trust in the accuracy of its analysis, the team is now focused on scaling its impact by integrating VMRay with ServiceNow to automate threat analysis workflows.

“VMRay’s reliability has given us the confidence to take the next step—automating our submission process and having results seamlessly integrated into ServiceNow. This will not only save analysts significant time but also ensure faster, more efficient response actions.”

 

Chris King, Senior Director – Cyber Threat Operations

Conclusion: A partnership for cyber resilience

For Northwestern Mutual, cybersecurity is not just about detection and response—it’s about maintaining trust and safeguarding sensitive financial data in an ever-evolving threat landscape. By integrating VMRay into their security operations, the company has strengthened its ability to detect, analyze, and respond to threats with greater speed and precision.

A key factor in selecting VMRay was its commitment to privacy. Given the regulatory requirements of the financial sector, ensuring that customer data remains secure and under full control was non-negotiable. VMRay’s approach to data sovereignty, with strict privacy protections and secure data storage, provided the assurance Northwestern Mutual needed to adopt the platform with confidence.

With reduced investigation times, enhanced threat intelligence capabilities, and proactive threat hunting, Northwestern Mutual continues to stay ahead of adversaries. VMRay has become an indispensable tool for the team, not just in addressing immediate threats but in shaping a long-term, resilient cybersecurity strategy—one that prioritizes both advanced detection and uncompromising privacy.

“VMRay continues to be a critical part of our security operations. It’s a tool we trust to protect our most sensitive data and enable our teams to work smarter and faster.”

 

Chris King, Senior Director – Cyber Threat Operations


Depth & Precision

For deep threat analysis, the customer needed the accuracy, depth and precision that the VMRay Platform offers in order to understand threats and respond to incidents reliably and on time.

Proactive Security & SOC Maturity

They wanted to develop a proactive, fact-based security approach that gives a complete understanding of each threat and improves detection capabilities, for a stronger security posture when the threat is faced again in the future.
