Within one week, Mercury Financial established complete cyber asset visibility across 130 integrations. AWS triage time now takes one second, and resources have been reallocated towards continuous compliance and streamlined vulnerability management.
Mercury® Financial found themselves on the hunt for a CMDB tool that could track all their assets but couldn’t find a platform that worked well with a cloud-native environment. They also didn’t want “just a vendor” – they were looking for a true partner to help them build a better security practice.
Although their needs ranged from metadata and configuration visibility, to GRC and vulnerability management and reporting, one item was the clear priority across all functions: a single source of truth to see and understand the security health of all cyber assets.
Mercury is focused on creating and maintaining clear visibility into their ever-growing AWS environment to ensure it is appropriately controlled and secured. A heavy emphasis is placed on eliminating blind spots to ensure all servers and endpoints are accounted for through comprehensive asset visibility.
In general, attack surfaces can be difficult to organize into a trusted, user-friendly dashboard. Being able to understand risks, severity, overall security coverage, and trending data in the context of asset relationships and attack paths can be difficult at best, but is often not possible for many organizations.
The Mercury team’s goal is to track their security health in an intuitive, programmatic way. Individual tech stack vendors that lack out-of-the box dashboards may offer on-demand custom versions. But, that is dependent on vendor availability, and often results in disparate dashboards across tooling.
Within a week of deploying JupiterOne and only using out-of-the-box capabilities, Mercury was able to set up 30 integrations and get complete visibility into their cloud environment.
The ability to query and derive insights from a cyber asset universe stems from the relational context that lies in between the asset relationships. Because of the speed at which JupiterOne was deployed, Mercury could immediately leverage this capability to:
“One of the big things that got us excited about JupiterOne was the Graph view – seeing how everything is connected. That, plus knowing that we had the out-of-the-box Insights Dashboards for Incident Response helped me sleep better.” said Dlaine Miley, Cloud Security Engineer.
JupiterOne automatically and continuously pulls information from thousands of assets and presents it in a consumable way. This means that all data is aggregated, correlated, and normalized for easy analysis to provide Mercury with a baseline of KPIs.
Power users of the Insights Dashboards for Incident Response and Cloud Workload Analysis have all the key metrics pre-packaged and programmed into a continuously updated interface. This single source of truth makes it easier on the team to identify hot spots and trends.
In addition to monitoring trends and performance, complete visibility into their cyber assets surfaces hidden costs and application license usage metrics. The team leverages customized dashboards to forecast their AWS license usage metrics and billing forecast. By doing so, they’re staying proactive about their budget spending and can easily spot areas of overspending.
Much like all compliance frameworks, PCI encourages the approach to security as a continuous process. Given the dynamic, ever-changing nature of digital environments, any assessment of an organization’s state of PCI compliance can change in an instant. JupiterOne’s PCI compliance management capabilities align with the continuous compliance approach that PCI 4.0 requires.
“This tool empowers us to be more proactive. I can report current risk and PCI compliance metrics month over month and maintain that level of PCI compliance. That’s a return on investment all on its own,” said Anthony Cunha.
Within one week, the Mercury Financial team established complete cyber asset visibility and were able to reallocate their time and resources to create automated, streamlined processes that maintained PCI compliance and identified vulnerabilities.
From cloud engineering and product security teams using JupiterOne for visibility and real-time analysis, to the GRC team leveraging JupiterOne for continuous PCI compliance, Mercury Financial takes advantage of their JupiterOne deployment to meet security objectives across business functions.
If you’d like to explore how asset visibility can improve your security posture, talk to our sales team today.
Mercury Financial is a fintech company that strives for financial inclusivity by helping customers manage their credit responsibly for a better life. Their innovative, flexible technology guides customers with data so they can confidently make better credit decisions.
Anthony Cunha, CISO
Anthony leads the cybersecurity compliance team at Mercury Financial and works to streamline GRC and auditing activities.
Vishakh Lakshmikanth, Head of Cloud Engineering
Vishakh spearheads cloud engineering and network security, DevOps, systems engineering and administration, architecture review, and file operations and transfer workflows.
Dlaine Miley, Cloud Security Engineer
Dlaine’s primary responsibilities focus on AWS and supporting the cloud-native side of the business.
Alex Arango, Head of Cyber Threat Management
Alex leads all the SecOps initiatives at Mercury Financial, including threat monitoring and incident response.
Essentially, the teams run in parallel – the cloud security team implements the standards created by the CISO and Cyber Threat Management teams.
The information in this document is published for informational purposes only. Views expressed herein are not intended to be and should not be viewed as advice or as a recommendation. Any opinions expressed in this document and related links are the opinions of the individual author and may not reflect the opinions of Mercury Financial. This document may contain links to other third-party websites that are only for the convenience of the reader. Mercury Financial does not recommend or endorse the contents of the third-party sites.
In 2020, the Indeed leadership team saw an opportunity to innovate and mandate a company-wide strategy: Indeed would migrate its business infrastructure from data centers into a cloud-first environment. The goal was to transition to a 100% multi-cloud environment to better scale and support their changing business and customer needs.
Daniel leads the company’s asset and attack surface management program. His team is actively responsible for securing all cloud resources, physical devices, and SaaS applications that process sensitive financial and customer data across the online brokerage.
Sean Cooper joined LiveIntent three years ago to help build out their security program. As the company grew, and the security challenges evolved, Sean found that the security team needed better visibility into their environment and a better process for managing incident responses, audits, and day-to-day security operations.