Mercury Financial tackles complexity with a single source of truth

Within one week, Mercury Financial established complete cyber asset visibility across 130 integrations. AWS triage time now takes one second, and resources have been reallocated towards continuous compliance and streamlined vulnerability management.

Business benefits

• Established visibility across AWS accounts and over 150 applications with 30 integrations in less than a week
• Created custom Insights Dashboards for Incident Response actions and cloud workload analysis 
• Cut manual AWS triage time and effort from 20 minutes to one second by leveraging comprehensive visibility 
• Enhanced proactive PCI compliance practices
• Utilized relational context via Graph view to visualize blast radius

CHALLENGES

Mercury® Financial found themselves on the hunt for a CMDB tool that could track all their  assets but couldn’t find a platform that worked well with a cloud-native environment. They also didn’t want “just a vendor” – they were looking for a true partner to help them build a better security practice.

Although their needs ranged from metadata and configuration visibility, to GRC and vulnerability management and reporting, one item was the clear priority across all functions: a single source of truth to see and understand the security health of all cyber assets.

Solving for AWS complexity

Mercury is focused on creating and maintaining clear visibility into their ever-growing AWS environment to ensure it is appropriately controlled and secured. A heavy emphasis is placed on eliminating blind spots to ensure all servers and endpoints are accounted for through comprehensive asset visibility.

Streamlining disparate reporting capabilities

In general, attack surfaces can be difficult to organize into a trusted, user-friendly dashboard. Being able to understand risks, severity, overall security coverage, and trending data in the context of asset relationships and attack paths can be difficult at best, but is often not possible for many organizations.

The Mercury team’s goal is to track their security health in an intuitive, programmatic way. Individual tech stack vendors that lack out-of-the box dashboards may offer on-demand custom versions. But, that is dependent on vendor availability, and often results in disparate dashboards across tooling.

SOLUTIONS

One week to results; One second to answers

Within a week of deploying JupiterOne and only using out-of-the-box capabilities, Mercury was able to set up 30 integrations and get complete visibility into their cloud environment.

The ability to query and derive insights from a cyber asset universe stems from the relational context that lies in between the asset relationships. Because of the speed at which JupiterOne was deployed, Mercury could immediately leverage this capability to: 

• Get answers to complex questions in as little as one second
• Make informed decisions for incident response
• Establish proactive vulnerability management processes
• Prioritize alerts and issues
• Demonstrate continuous PCI compliance
• Create thorough reporting capabilities

“One of the big things that got us excited about JupiterOne was the Graph view – seeing how everything is connected. That, plus knowing that we had the out-of-the-box Insights Dashboards for Incident Response helped me sleep better.” said Dlaine Miley, Cloud Security Engineer.

JupiterOne Insights Dashboards for easy analysis

JupiterOne automatically and continuously pulls information from thousands of assets and presents it in a consumable way. This means that all data is aggregated, correlated, and normalized for easy analysis to provide Mercury with a baseline of KPIs. 

Power users of the Insights Dashboards for Incident Response and Cloud Workload Analysis have all the key metrics pre-packaged and programmed into a continuously updated interface. This single source of truth makes it easier on the team to identify hot spots and trends.

AWS cost management made easy

In addition to monitoring trends and performance, complete visibility into their cyber assets surfaces hidden costs and application license usage metrics. The team leverages customized dashboards to forecast their AWS license usage metrics and billing forecast. By doing so, they’re staying proactive about their budget spending and can easily spot areas of overspending.

Additional ROI from Continuous PCI compliance

Much like all compliance frameworks, PCI encourages the approach to security as a continuous process. Given the dynamic, ever-changing nature of digital environments, any assessment of an organization’s state of PCI compliance can change in an instant. JupiterOne’s PCI compliance management capabilities align with the continuous compliance approach that PCI 4.0 requires. 

“This tool empowers us to be more proactive. I can report current risk and PCI compliance metrics month over month and maintain that level of PCI compliance. That’s a return on investment all on its own,” said Anthony Cunha.

RESULTS

Within one week, the Mercury Financial team established complete cyber asset visibility and were able to reallocate their time and resources to create automated, streamlined processes that maintained PCI compliance and identified vulnerabilities.

From cloud engineering and product security teams using JupiterOne for visibility and real-time analysis, to the GRC team leveraging JupiterOne for continuous PCI compliance, Mercury Financial takes advantage of their JupiterOne deployment to meet security objectives across business functions. 

If you’d like to explore how asset visibility can improve your security posture, talk to our sales team today. 

‍Mercury Financial is a fintech company that strives for financial inclusivity by helping customers manage their credit responsibly for a better life. Their innovative, flexible technology guides customers with data so they can confidently make better credit decisions.

Meet the team

Anthony Cunha, CISO
‍Anthony leads the cybersecurity compliance team at Mercury Financial and works to streamline GRC and auditing activities.

Vishakh Lakshmikanth, Head of Cloud Engineering
Vishakh spearheads cloud engineering and network security, DevOps, systems engineering and administration, architecture review, and file operations and transfer workflows. 

Dlaine Miley, Cloud Security Engineer
Dlaine’s primary responsibilities focus on AWS and supporting the cloud-native side of the business.

Alex Arango, Head of Cyber Threat Management
Alex leads all the SecOps initiatives at Mercury Financial, including threat monitoring and incident response.

Essentially, the teams run in parallel – the cloud security team implements the standards created by the CISO and Cyber Threat Management teams.

The information in this document is published for informational purposes only. Views expressed herein are not intended to be and should not be viewed as advice or as a recommendation. Any opinions expressed in this document and related links are the opinions of the individual author and may not reflect the opinions of Mercury Financial. This document may contain links to other third-party websites that are only for the convenience of the reader. Mercury Financial does not recommend or endorse the contents of the third-party sites.