Collective Health Boosts Identity and Access Controls with ATO Prevention
- Collective Health enhanced their email-based identity layer to protect against lateral account movement with Material’s ATO Prevention.
- Material’s Phishing Herd Immunity enabled Collective Health to scale user phishing reporting while drastically reducing the Security team’s time spent triaging.
- With a dedicated, isolated instance deployed, Collective Health received full privacy and control over Material’s underlying infrastructure.
“Account Takeover Prevention was a force multiplier for us. It allowed our security team to enhance our identity layer program and gain visibility into the systems we might have missed in the past—all while being able to enforce a second factor on top of everything.”
A fast-growing healthcare tech company, Collective Health is on a mission to reinvent the healthcare experience. But its business, by definition, involves handling tons of sensitive content across many different systems. If a security breach or unauthorized access were to occur, the damage could be detrimental, from compliance fines to reputational loss with customers.
Fortunately, Collective Health has a top-notch security team. Meet Brad Chivukula, VP of Engineering, and Rohit Parchuri, former CISO. Their team was responsible for securing Collective Health's platform and ensuring it met or exceeded regulatory requirements. Above all, they were responsible for the critical task of protecting systems holding sensitive information such as Protected Health Information (PHI).
As part of one of their regular audits, the team homed in on how to enhance authentication and access control across the company:
“From a corporate security standpoint, there was a clear and urgent opportunity to review the configurations of Collective Health’s many sensitive systems—email was a part of that effort.”
The Risk: Identity Compromise via the Inbox
In their audit, the security team identified identity compromise as a key risk across all applications in use. The team found they had a single point of failure: many of their applications relied on email as an identity provider. As a result, an attacker who compromised an email account could pivot from it into other critical systems.
“Email acts as a primary identity provider. Compromising mailboxes would open the attack surface up to a point where it's much more significant and hard to combat.”
For example, if an attacker managed to gain access to a mailbox, they could then trigger password resets and use the reset emails to break into other applications and services holding even more sensitive information.
“We had a list of all the critical infrastructure and assets at the company, but didn’t have an easy way to enhance our authentication practices across the board. Material’s functionality has helped us do just that.”
Protecting Email as the Key to Many Other Accounts
Material’s ATO Prevention enabled Collective Health to stop attackers from leveraging the mailbox to hijack other critical services. The feature adds a verification step, such as a challenge from an existing MFA provider, before a user is granted access to password resets and other account verification messages. In the case of Collective Health, it allowed the team to take their existing defense-in-depth philosophy and extend it to the identified weak point: email accounts.
“ATO Prevention was a force multiplier for us. It allowed our security team to enhance our identity layer program and gain visibility into the systems we might have missed in the past—all while being able to enforce a second factor on top of everything. It was especially effective when it came to privileged account access across our sensitive systems.”
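To make the mechanism concrete, here is an added illustration (not Material’s code, and not Collective Health’s deployment) of the idea described above: a mailbox gateway that holds password-reset and verification messages and releases them only after a second factor succeeds, so a stolen mailbox session alone cannot be turned into a reset of another account. The keyword and link heuristics are constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed heuristics for mail that can hand over another account:
# password resets, one-time codes and verification links.
SENSITIVE_SUBJECT = re.compile(
    r"\b(password\s*reset|reset your password|verification code|"
    r"one-time code|verify your (email|account)|magic link)\b", re.I)
SENSITIVE_LINK = re.compile(r"https?://\S*(reset|verify|token=|otp|magic)\S*", re.I)


@dataclass
class Message:
    msg_id: str
    sender: str
    subject: str
    body: str


@dataclass
class Mailbox:
    inbox: list = field(default_factory=list)
    held: dict = field(default_factory=dict)   # msg_id -> Message awaiting step-up


def is_account_verification(msg):
    """True when the message looks like a reset/verification message."""
    return bool(SENSITIVE_SUBJECT.search(msg.subject) or SENSITIVE_LINK.search(msg.body))


def deliver(mailbox, msg):
    """Normal mail goes to the inbox; account-verification mail is held."""
    if is_account_verification(msg):
        mailbox.held[msg.msg_id] = msg
        return "held"
    mailbox.inbox.append(msg)
    return "delivered"


def release(mailbox, msg_id, second_factor_ok):
    """Release a held message only after the second factor succeeded.

    A valid mailbox session by itself is not enough to read a reset link,
    which is the property the text above describes. Returns the message
    on success, None if the id is unknown or the factor failed.
    """
    if msg_id not in mailbox.held or not second_factor_ok:
        return None
    msg = mailbox.held.pop(msg_id)
    mailbox.inbox.append(msg)
    return msg
```

A real deployment would call the organisation’s MFA provider for the `second_factor_ok` decision and log every hold and release for audit.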
Additional Problems Solved: Phishing Reporting & Triage
In addition to protecting email as an identity layer, Material also helped Collective Health with a more traditional email security problem: phishing scams and the operational burden of responding to them efficiently.
Previously, Collective Health had a long and tedious process for users to submit a phishing report. Users had to manually open a case in a ticketing system, upload a screenshot, add technical details, and more. The dreaded workflow resulted in many attacks going unreported. When users did submit a phishing report, the security team then had to manually triage it and investigate the full scope of the attack. Even after triaging a user’s report, the security team was left wondering whether other employees had fallen for the same attack or whether unreported variants of it existed.
The team deployed Material’s Phishing Herd Immunity to help. First, users could now report a phishing attempt directly from their inbox just by applying a Gmail label. This was a huge improvement in usability and led to a jump in user phishing reporting.
Second, the security team could set automated remediation rules for incoming phishing reports. Material would automatically ingest the report, look for similar messages across the organisation, and apply the configured remediation policy. This meant that a single user’s report could instantly protect other employees with similar messages in their inbox, with no need to wait for a manual review from the security team while another user risked falling victim to the attack. In the case of a false positive report, the security team could simply revert the remediation and restore the original messages.
“The differentiator was the auto-remediation feature not found with other vendors. We could define the policy and remediation before needing a manual validation to happen on the platform. There was less guesswork and unpredictability.”
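The herd-immunity workflow described above, as an added example that is not Material’s code: one report fingerprints the reported message (sender domain, normalised subject, linked hosts), quarantines every look-alike copy across all mailboxes, and records exactly what it touched so a false positive can be reverted without disturbing anything else. The corpus and the fingerprint rules are constructed for the example.

```python
import re
from dataclasses import dataclass

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


@dataclass
class Msg:
    msg_id: str
    mailbox: str        # employee whose inbox holds this copy
    sender: str
    subject: str
    body: str
    quarantined: bool = False


def fingerprint(msg):
    """Campaign fingerprint: sender domain, normalised subject, linked hosts."""
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    subject = re.sub(r"\W+", " ", msg.subject.lower()).strip()
    subject = re.sub(r"\b\d+\b", "#", subject)   # fold invoice/ticket numbers
    hosts = frozenset(u.split("/")[2].lower() for u in URL_RE.findall(msg.body))
    return (domain, subject, hosts)


class HerdImmunity:
    def __init__(self, corpus):
        self.corpus = {m.msg_id: m for m in corpus}
        self.actions = {}   # report_id -> msg_ids quarantined by that report

    def report(self, report_id, reported_msg_id):
        """One user report quarantines every matching copy in every mailbox."""
        fp = fingerprint(self.corpus[reported_msg_id])
        hit = [m.msg_id for m in self.corpus.values()
               if not m.quarantined and fingerprint(m) == fp]
        for mid in hit:
            self.corpus[mid].quarantined = True
        self.actions[report_id] = hit
        return hit

    def revert(self, report_id):
        """False positive: restore only what this report removed."""
        restored = self.actions.pop(report_id, [])
        for mid in restored:
            self.corpus[mid].quarantined = False
        return restored
```

Each quarantine and revert is keyed by report id, which is what lets an analyst review the batch later, as the team describes, rather than at the moment of the report.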
Best of all, with Material, Collective Health was able to consolidate the new phishing response process with the company’s primary alerting tool, PagerDuty. The team created a single funnel for all incidents to assign an analyst for response and gain visibility into incident response time, volume of reports, security patterns, and more.
“We consolidated all the security reports that came in and alerted ourselves once, in batch, and at a comfortable time. We were at peace knowing the auto-remediation already took place for phishing reports and that we didn’t have to jump on the reported incident right away.”
Better Control over the Data Infrastructure
Another game changer for Collective Health was Material’s deployment model.
With Material, the team received a single-tenant, cloud-based instance and full control over the application’s underlying infrastructure. This level of access was wholly new for Collective Health’s team compared to other security vendors. They maintained full ownership of the email data and could audit the Material service at every level—a huge benefit for data privacy and control.
“It was the first time in my entire career that I got access to a security product’s underlying infrastructure along with the product itself. For me that was hugely valuable. We have better control over the environment than we typically have with other vendors.”
With improved visibility and control across the board, Collective Health was able to take charge of its most critical application and better secure systems and sensitive content.