SCM Insurance Services has been supporting the insurance and risk management community for more than 30 years with over 200 locations and over 3,000 employees across North America providing claims adjusting, third-party administration (TPA), risk management, investigative, surveillance, risk mitigation, medical services, forensic services (accounting/engineering), and risk intelligence.
Prior to onboarding Cybereason solutions, SCM met their security needs primarily through an outside managed security service provider.
The MSSP had been engaged for nearly three years for detection and alerting when the SCM security team uncovered gaps in threat visibility after routine penetration testing exercises that simulated cyber attacks.
This discovery led the SCM team to undertake a deep-dive examination of their security posture, programs and tools in place.
This analysis exposed the need for an internally managed endpoint detection and response (EDR) solution, with Cybereason being one of three solutions selected for the evaluation process by SCM.
SCM ultimately decided to implement the Cybereason Enterprise option, which combines NGAV prevention and endpoint controls with EDR for deep contextual correlations in real time across all endpoint assets, as well as engaging in a thorough compromise assessment and implementing Cybereason’s continuous threat hunting managed service.
“The reason why we chose Cybereason was because of our need for comprehensive detection that’s mapped to MITRE ATT&CK, [...] to produce an alert faster[...], and to increase the speed to mitigation,” said Nick LaPointe, Information Security Administrator for SCM Insurance Services.
The Cybereason Defense Platform allows the SCM team to identify threats quickly with a high degree of accuracy through enriched data from all endpoints, leverage fully contextualized intelligence for high fidelity detections that eliminate advanced threats at any point in the kill chain, and remediate automatically or with a single click to kill processes, remove persistence, prevent execution and isolate targeted machines.
After implementation, Cybereason immediately improved the overall tracking of incidents and reporting KPIs communicated up the internal chain of command, bolstering this key component of an incident response program. Cybereason has increased detections for the SCM team while leveraging the MITRE ATT&CK knowledge base for faster detections, increased situational awareness, and a reduced mean time to response (MTTR).
“It’s like having an actual employee in the environment that actively protects the host. So, while we can’t watch everything all the time every day, we have full confidence that Cybereason is watching all and is keeping threats in check - it’s a great marriage,” said LaPointe.
“And it significantly reduced our time threat hunting and quickened analysis of weird behaviors in the environment for sure. With Cybereason, from day one you can start building investigations easily with little to no threat hunting knowledge.”