Case Study

Health Insurer

Health Insurer Detects External Threats

The Challenges

After a series of global acquisitions, the customer had consequently inherited sizeable collections of digital assets. These assets were rolled into the customer’s vast digital footprint— the customer’s entire collection of websites, mobile apps, social media profiles, landing pages, portals, forms and more—without security program review. The Chief Information Security Officer (CISO) needed to ensure that assets were in compliance with company standards and regulations including the Health Insurance Portability and Accountability Act (HIPPA).

Challenge: Digital Asset Discovery and Inventory

The CISO’s initial goal was to centralize control of the company’s digital assets. However, these assets existed in siloed environments, and various departmental groups within the company controlled the assets. Gathering an accurate, complete inventory would be a daunting task, given the number of unknown digital assets acquired and the security group’s lack of visibility.

Challenge: Social Media Brand Abuse

The CISO’s other challenge was the abuse of the company’s brand in social media. Threat actors misrepresented themselves as company agents and provided false or misleading information about the company. Moreover, social media was increasingly used to access the company’s customers’ personally identifiable information (PII) through false means. Given the volume and speed of all posts and updates, social media brand abuse is difficult to police.

The Solution

The RiskIQ Digital Footprint solution continuously discovers, indexes and manages Internet assets from the outside-in. With RiskIQ Digital Footprint, the insurance company’s CISO centralized control of all web, mobile and social assets—enabling the security team to respond quickly to external threats and take control of assets outside its firewall. With a dynamic index of the web attack surface, the customer’s security team quickly brought unknown or shadow IT assets under management and moved quickly to eliminate rogues. The customer now has the technology and support needed to make accurate, strategic risk management decisions to support web, mobile and social properties and to eliminate threats to customers, employees and the organization.

The RiskIQ for mobile platform gives us new visibility into a landscape that lacks conventional sensors. They are helping us manage disruptive technologies that are essential in delivering a forward-thinking customer interaction.

--, CISO, Fortune 100 Insurance Company Fortune 100 Insurance Company

The Results

RiskIQ finds an average of 2,000 events per week that indicate some level of vulnerability or abuse of the insurance company’s web pages, mobile apps or brand reputation. This intelligence enables the customer to order take-downs of copycat applications and web pages, address vulnerabilities in application code, and protect against illicit domains from abusing the customer’s brand and trademark information.

For the customer, the threat of rogue assets was most present in mobile. RiskIQ discovered that third-party app developers were creating mobile apps designed to look, act and feel like they were authored by the customer. The intent was to install software on users’ devices to generate revenue from unsolicited digital ads. The customer recognized these apps could be very dangerous if sensitive information were shared.

Finally, RiskIQ leads monitoring for cases of domain infringement, in which a cybersquatter obtains Internet domain names that are identical or confusingly similar to the insurance company’s mark. Domain names routinely infringe on trademarks, resulting in confusion, a poor customer experience and harm to the customer’s brand. Domain infringement is no longer a concern with RiskIQ watching over the customer’s domain names.