Explore how a leading insurance company transformed incident response and expanded advanced threat detection to automating security tasks.
In the ever-evolving landscape of cybersecurity, financial services and insurance companies face significant challenges.
This is the story of a leading global insurance and financial services company with over 150,000 employees worldwide. As one of the world’s top insurers and asset managers, they operate in a highly regulated industry where securing customer data and high-value assets is paramount.
The journey with VMRay began with the company’s focus on incident response and manual analysis of malware threats. In the financial services sector, the stakes are high: breaches can result in significant financial losses, reputational damage, and legal repercussions. Recognizing that “good enough” is not sufficient, the company sought a best-of-breed solution to ensure ultimate cyber resilience against unknown threats.
VMRay’s ability to observe, log, and report malicious activities throughout the full route of their execution was a game-changer. This capability enabled the company to detect evasive threats using multi-step delivery chains designed to bypass conventional security tools, providing an in-depth and accurate analysis of malware and phishing samples.
“VMRay’s ability to follow the full execution path of multi-stage attacks has been invaluable. Even when a sample initially appears harmless, VMRay tracks its activity to the end, revealing hidden threats. This depth of analysis gives us the confidence to detect and understand sophisticated, evasive malware that traditional tools often miss.”
Phishing remains one of the most prevalent threats, with 94% of breaches originating from phishing attacks. For a company with tens of thousands of email users, managing user-reported phishing attacks can be daunting. The company’s partnership with VMRay significantly improved their phishing detection and response capabilities.
Using VMRay’s user-reported phishing solution, employees can send suspicious emails directly to VMRay via an Outlook plugin. This allows for deep, third-party assessment with safe detonation and rapid analysis, all without direct involvement from the SOC team.
The introduction of VMRay’s AI-supported detection further enhanced their security posture. VMRay’s Machine Learning engine, powered by high-quality, accurate, and relevant data from dynamic analysis, ensured precise and reliable detection of phishing threats from day one.
“VMRay’s user-reported phishing solution and AI-supported detection frees up our SOC team as with the Outlook plugin, our employees can easily send suspicious emails for deep, safe analysis.”
The success of VMRay’s incident response and phishing detection capabilities led the company to integrate VMRay’s analysis into their broader security operations. Recognizing the value of VMRay’s reliability without compromising speed, they expanded its use to automating alert enrichment and investigation.
By leveraging VMRay’s integrated connector, the company seamlessly incorporated VMRay’s analysis into their EDR/XDR vendor’s alerts. This helped them reduce manual work and automate incident submission. Finally, they started integrating VMRay to alert investigation within their SOAR platform, and forwarding IOCs to MISP for threat intelligence, enhancing their overall security operations.
“Our journey with VMRay has evolved significantly over time. As our security needs grew, VMRay adapted perfectly, proving invaluable for automated use cases. VMRay’s scalability and consistent high-quality results have been crucial in ensuring robust security coverage for the increasing demands for security.“
The customer’s journey with VMRay started with manual analysis of malware threats. As the company’s needs evolved, they expanded their use of VMRay to include user-reported phishing. Recognizing the reliability and speed of VMRay’s analysis, they further extended its application to automated use cases for EDR, SOAR, and threat intelligence.
The company appreciates the fact that VMRay’s accurate and reliable analysis can be extended across various SOC operations. This includes incident responders, threat hunters, SOC analysts, and the CTI team. VMRay has proven its ability to scale with the company’s growing security demands, by expanding to new use cases that the customer needed, and integrating with various security tools they are using, and delivering consistent and high-quality results even when the number of submissions grows.
Check our latest insights on malware, phishing, sandboxing, AI in cybersecurity, and much more.
Browse the courses about alert handling, deep threat analysis and response, threat intelligence generation and more.
See real-world examples of VMRay’s best-in-class malware analysis and detection platform.