FortifyData Uses Live Assessment Data to Improve Enterprise and Third-Party Risk Management for a Mortgage Lender

Challenge

A U.S. mortgage lender was frustrated with the inaccurate data provided by their legacy security ratings solution, which didn’t provide actionable intelligence. They knew the data was neither up to date nor reflective of the security posture of their enterprise or their third parties.

Key Results

The organization chose FortifyData to monitor their enterprise and third-party risk based on direct assessments. This gives them an accurate and complete view of their cyber risks, with actionable data and recommendations to remediate vulnerabilities or other cyber risks.

Overview

A U.S. mortgage lender was looking for an accurate way to assess and monitor their enterprise and third-party cyber risk. Cyber risk is a top concern for financial institutions, including mortgage lending providers, which rely heavily on technology, have an expansive third-party network, and must secure sensitive customer data.

The Challenge

Previously, their IT security team used a first-generation security ratings platform to assess their enterprise along with third parties. While the team could quickly retrieve assessment data, they were increasingly frustrated with issues such as:

  • A lack of timely updates based on live data.
    • Many legacy security ratings platforms have long delays, of up to 4 months, in updating asset and vulnerability data.
  • Old vulnerabilities that had been addressed still appeared and impacted their score.
  • Domains and assets that were mis-attributed brought their score down, and it took too much time to get them removed.

“I was not happy with [our previous tool’s] scoring methodologies. We are being monitored by other companies, too, and our score was not reflective of our actual security posture. We were ready to move on,” said the organization’s Director of Cybersecurity Services.

When looking for a new solution to replace the security ratings platform, they outlined success criteria that included considerations for:

    1. Ease of use within platform navigation
    2. Good reporting to share with third parties
    3. Inclusion of remediation steps with details
    4. Ability to use a company’s subsidiaries and DBAs
    5. Easy to update digital footprint
    6. Timeliness of adding a new vendor
    7. Timeliness of remediation scans
    8. Custom alerts
    9. Business account compromise monitoring
    10. Ability to calculate financial quantitative risk

The Results

They ultimately decided to purchase FortifyData, which conducts continuous direct assessments and provides a more accurate way to look at themselves and their third parties.

“One of the biggest reasons we chose FortifyData is the ability to do fresh scans each week for our enterprise and each month for our third parties, and the scans are not based on any legacy data. That gives me a more accurate representation of what the security vulnerabilities are,” said their Director. “With the previous tool, it seemed like most of my time was spent arguing about assets that weren’t mine.”

With this more accurate information, their security team can drill down specifically to assets and vulnerabilities and provide actionable data that can be used for remediation.

The mortgage lender is also leveraging the email security feature provided by FortifyData, which assesses email security for all domains tied to a company, including SPF, DMARC and DKIM issues.

“Because so much of the mortgage industry is done through email, if a fraudulent email can be sent from a company that we’re doing business with, that could absolutely penetrate our network. So, we have to monitor email security and ask organizations to remediate things, like a DMARC misconfiguration,” said their Director.

The organization also highlighted the great customer service they’ve received from FortifyData, which has quickly implemented their requests for enhancements within the platform.

“I really appreciate that the customer service team listens to the feedback that I’ve given and enhancements I have requested in the tool. They understand the use cases and they’ve added features beyond what I requested in the POC. I appreciate FortifyData’s willingness to get feedback from customers and then seeing that feedback realized quickly.”