Collective Health Boosts Identity and Access Controls with ATO Prevention
- Collective Health enhanced their email-based identity layer to protect against lateral account movement with Material’s ATO Prevention.
- Material’s Phishing Herd Immunity enabled Collective Health to scale user phishing reporting while reducing the triaging time.
- With a dedicated, isolated instance deployed, Collective Health received full privacy and control over Material’s underlying infrastructure.
“Account Takeover Prevention was a force multiplier for us. It allowed our security team to enhance our identity layer program and gain visibility—all while being able to enforce a second factor on top of everything.”
— Brad Chivukula, VP of Engineering, Collective Health
A fast-growing healthcare tech company, Collective Health is on a mission to reinvent the healthcare experience. But its business, by definition, involves handling tons of sensitive content across many different systems. If a security breach or unauthorized access were to occur, the damage could be severe.
Fortunately, Collective Health has a top-notch security team. Meet Brad Chivukula, VP of Engineering, and Rohit Parchuri, former Director of Security. Their team was responsible for securing Collective Health's platform, including the critical task of protecting systems with sensitive information such as Protected Health Information (PHI).
As part of one of their regular audits, the team homed in on how to enhance authentication and access control across the company.
“From a corporate security standpoint, there was an opportunity to review the configurations of Collective Health’s many sensitive systems—email was a part of that effort.”
Email: The Key to Many Accounts
Email is the unofficial identity layer of the web and often the key to many other applications. As a result, attackers can exploit email accounts to gain access to other more critical systems.
For example, if an attacker managed to gain access to a mailbox, they could then send password resets to break into other applications and services holding sensitive information. And even when organizations put solutions like Single Sign-On (SSO) in place, many apps still reset passwords over email due to misconfiguration or lack of SSO support.
"We had a list of all the critical infrastructure and assets at the company, and Material’s functionality has allowed us to enhance authentication across the board."
Strengthening Email as an Identity Provider
Material’s Account Takeover (ATO) Prevention stops attackers from leveraging the mailbox to hijack other critical services. The feature adds a verification step, such as an existing MFA provider, for users before granting access to password resets and other account verification messages.
“Account Takeover Prevention was a force multiplier for us. It allowed our security team to enhance our identity layer program and gain visibility—all while being able to enforce a second factor on top of everything. It was especially effective when it came to privileged account access across our sensitive systems.”
Additional Problems Solved: Phishing Reporting & Triage
In addition to protecting email as an identity layer, Material also helped Collective Health with a more traditional email security problem: phishing scams and the operational burden of responding to them efficiently.
Previously, Collective Health users had to manually submit a case to a ticketing system, upload a screenshot, add technical details, and more. When users submitted a phishing report, the security team then had to manually triage it and investigate the full scope of the attack.
The team deployed Material’s Phishing Herd Immunity to help. First, users could now report a phishing attempt directly from their inbox just by applying a Gmail label. This huge improvement in usability led to a jump in user phishing reporting.
Second, the security team could set automated remediation rules when a phishing report came in. Material would automatically ingest the report, look for similar messages, and apply the configured remediation policy. This meant that a single user’s report could instantly protect other employees with similar messages in their inbox; no need to wait for a manual review from the security team. In the case of a false positive report, the security team could simply revert the remediation and restore the original messages.
“The differentiator was the auto-remediation feature. We could define the policy and remediation before needing a manual validation to happen on the platform. There was less guesswork and unpredictability.”
Best of all, with Material, Collective Health was able to consolidate the new phishing response process with the company’s alerting tools like PagerDuty. The team created a single funnel for all incidents to assign an analyst for response and gain visibility into incident response time, volume of reports, security patterns, and more.
“We consolidated all the security reports that came in and alerted ourselves once, in batch. We were at peace knowing the auto-remediation already took place for phishing reports.”
Better Control over the Data Infrastructure
Another game changer for Collective Health—Material’s deployment model.
With Material, the team received a single-tenant, cloud-based instance and full control over the application’s underlying infrastructure. They maintained full ownership of the email data and could audit the Material service at every level—a huge benefit for data privacy and control.
“The level of access to the underlying infrastructure for a security product along with the product itself is highly valuable. We have better control over the environment.”
With improved visibility and control across the board, Collective Health was able to take charge of its most critical application and further secure systems and sensitive content.