Besso Insurance Group Uses Proofpoint to Protect Data Assets

Company Gains Around-the-Clock Visibility into All User Activity to Detect, Manage, Investigate and Resolve Insider Threats
The Challenge
  • Protect sensitive and confidential customer data
  • Monitor user activity and alert security teams to suspicious or out-of-policy behaviour
  • Investigate and evaluate the context and intent around a potential breach
  • Manage volume of alerts and focus on priorities
The Solution
  • Proofpoint Insider Threat Management
The Results
  • Achieved customised protection of data assets
  • Created comprehensive visibility into day-to-day user activity
  • Increased speed and precision of investigations
  • Reduced time spent on security, with a core IT team handling cybersecurity globally
  • Ensured the secure handling of email for vessel fleet continuously exchanging information with many unknown and international operators

The Challenge

As an insurance company, Besso evaluates risk on a daily basis. And similar to the financial and legal sectors, it handles a great deal of sensitive client information. Given the highly confidential nature of the data it processes, Besso was committed to protecting these valuable assets and set out to find a security solution that could be tailored to its specific needs, enabling it to take a proactive, rather than reactive, approach to data protection.

“As the insurance industry becomes increasingly reliant on more and more data to assess risk, it’s becoming even more vital to confront the key threats to data security—and insider threat is clearly one of them. Whether it’s accidental or intentional, if someone breaches your system and data gets out in the world, there are serious consequences for both the individuals affected and the business,” said Alex Money, head of information security and enterprise architecture at Besso Insurance Group, Ltd.

Aware of the risks and far-reaching consequences of insider threats, Besso required full visibility into its everyday users’ activities and a solution that alerted security teams to suspicious or out-of-policy behaviour in real-time. It was crucial for them to choose a solution that enabled them to fully investigate and evaluate the context and intent around a potential breach and, by doing so, show senior management that robust and proactive steps were being taken to protect the business and its customers’ data.

“You need to know what’s happening in your organisation 24/7, and technology that allows you to monitor and control user activity around the clock puts you in the best position to stop data from leaving before it’s too late,” said Alex Money, head of information security & enterprise architecture, Besso Insurance Group Ltd.

“When we judge certain user activity to be especially risky to our cybersecurity, Proofpoint gives us the ability to write our own rules to protect against it. If someone then engages in malicious behaviour, we are immediately alerted, in real time, that they’re doing something against policy—instead of finding out after the fact, when it’s detected only because the damage has already been done. That’s the real power of Proofpoint.”

Alex Money, head of information security & enterprise architecture, Besso Insurance Group Ltd.

The Solution

Fortem Information Technology introduced Besso to Proofpoint. Working in partnership, Besso deployed Proofpoint Insider Threat Management across its organisation worldwide, and Fortem IT coordinated the relationship to ensure a seamless implementation.

“The IT security team can now rely on Proofpoint to provide full visibility into user activity 24/7, and no longer has to waste time reviewing copious amounts of logs in search of a potential problem or reverse engineer something after it has already gone awry,” said Tunji Oyedele, director of sales, Fortem Information Technology. “When there’s an actual issue that requires further investigation, the team is alerted and immediately has all the details and context they need at their fingertips.”

The Results

Besso was able to tailor Insider Threat Management rules and alerts to meet its particular business needs and make the most efficient use of the 400+ out-of-the-box indicators of insider threat Proofpoint provides.

By categorising specific user activity to correspond with low, medium and high alerts, Besso was able to manage the volume of alerts it needed to focus on. The security team was then able to prioritise the investigations and responses, recording activity only when it was high priority and, in doing so, this helped to reduce its data storage requirements to one gigabit. This approach also meant the security team at Besso could take the right action when it was needed.

Shortly after Insider Threat Management was implemented, Besso was alerted to several cases of users logging in and using prohibited applications. The ability to integrate Proofpoint into their AlienVault SIEM platform ensured that Besso had around-the-clock visibility into user activity. This allowed them to quickly identify and manage insider threat incidents. This visibility removes uncertainty as to the “who, what, when, where, why and how” of the policies broken, not only with respect to employees but also third-party vendors.

Likewise, Proofpoint has helped Besso simplify their auditing process by enabling the organisation to generate reports that provide summary information with greater clarity and context. As a result, Besso’s executive team and board of directors are kept abreast of the company’s cybersecurity program and feel confident data protection is being handled proactively and comprehensively.

Download Customer Story