
HackerOne’s holistic approach to securing email

Learn how HackerOne's team is balancing security and usability while automating phishing response and securing sensitive data in mailboxes.


Since launching in 2012, HackerOne has built one of the most respected brands in the cybersecurity space. How? By gaining and maintaining the trust of their customers.

HackerOne connects security-conscious organizations with cybersecurity researchers who test their systems for bugs and vulnerabilities. HackerOne’s business model relies on a foundation of trust, and their approach has worked—they’ve provided their services to all sorts of organizations, from the U.S. Department of Defense to top organizations like PayPal, Hyatt, AT&T, and Twitter, to name a few.

HackerOne’s business model focuses on reducing cybersecurity risk and minimizing their customers’ attack surfaces, so it only makes sense that they prioritize top-notch protection for their own business. That’s why Jake Bilyak, HackerOne’s IT DevSecOps Engineer, and his team evaluated and implemented Material’s suite of solutions for their own security program.

HackerOne wanted to take an all-encompassing approach to email security. They quickly realized that they could make Material an integral part of their email incident response and data protection strategy.

"The plan was to find something more holistic for email security," Bilyak said. "We always consider how to best maintain security and privacy while improving usability across our entire tech stack. Material balances both."

HackerOne initially evaluated Material because they wanted a replacement for their phishing monitoring and response tool. Their previous vendor gave them visibility into reported phishing attacks, but the team needed a solution where they could also take action. They didn’t want to use a separate solution or build their own tooling to remediate security risks.

“Our previous solution would alert us when someone reported a phishing incident. But there was nothing actionable. Any action we took in response was done manually through other tooling and was complex and time-consuming.”

Bilyak and the team wanted to consolidate their tooling without sacrificing the quality of service or protection.

“We were looking for a one-stop-shop where we could get visibility into everything and take action and respond right within the same tooling. To take it a step further, we ideally wanted to automate our response based on certain criteria. With Material, this was a first.”

Automating phishing response and investigations

With Material’s Phishing Protection solution, a single employee’s phishing report can immediately protect the entire company. Material automatically finds all similar instances of the phishing attack and then applies HackerOne’s chosen remediation across the entire organization. That means HackerOne can now put a speed bump in front of other employees who might otherwise fall victim, by automatically defanging links, adding warning messages, or removing a message from the inbox entirely.

“Tooling like Material helps us be a lot more proactive. And on the reactive side, there are many things that we can expedite as well,” Bilyak said.

Bilyak was also extremely excited by the opportunity to use Material’s APIs and events platform to trigger automated actions in other parts of their tech stack. The team can perform many useful actions, like automatically locking or wiping a device or adding a potentially malicious domain to a blocklist.

"Organizations have so many SaaS tools these days. Making adjustments one by one based on a response becomes incredibly time-consuming. But now we have all of this information available from Material and can trigger an automated event via an API webhook to do it all for us. To spit it out into ten different apps is really helpful."

Taking action on email security risk insights

In addition to improving HackerOne’s phishing incident response, Material’s Posture Management gives their team a complete picture of the risks in their email footprint, from which users may have MFA bypasses to which mailboxes contain the most sensitive content.

Risk Analytics also gives HackerOne visibility into their vendors, customers, and other third parties to better understand risks associated with sensitive information shared with them.

“It was really interesting to see who we interact with that may have been part of a breach or which vendors specifically send us the most sensitive information," Bilyak said. "From a risk perspective, is there something we should do differently to handle that information to improve security? Material lets us see all of this in one dashboard. Otherwise, it would have taken quite a bit of work or scripting to figure it out ourselves.”

While many security analytics solutions deliver thousands of data points that may or may not be useful, Bilyak emphasized that the insights Material provides to the HackerOne team are valuable and actionable.

“None of the info in the Material dashboards is irrelevant. There’s almost always something actionable we can do or an action we can think of doing with the information presented. Everything is relevant, and there are use cases for the info we’re getting.”

Protecting sensitive data in the mailbox with Material and Duo

One critical insight that stood out to the team was discovering what sensitive content existed in employee mailboxes. The team needed to mitigate the risk of potential data loss, compliance issues, insider threats, and more.

Fortunately, Material’s Data Protection product secures sensitive content in mailboxes. Material finds and redacts any messages with sensitive content such as financials, customer data, or PII. When users want to retrieve one of these messages, they use their existing SSO or MFA provider to verify their identity and immediately access the original message directly in the mailbox.

“Data Protection for Email is just another layer. It’s all about adding layers and steps to slow down any malicious actor or frustrate them without affecting any user experience. The harder we make ourselves to target, the better we will be.”

Plus, Data Protection for Email was easy to roll out to HackerOne employees because they were already familiar with using Duo as their authentication tool.

Bilyak noted: “MFA is already part of our employees’ daily routine. So when it’s a tool like Material that leverages Duo for authentication, it’s not sacrificing any aspect of user experience to add that layer of security.”

Maintaining privacy and control in deployment

User experience and change management were top of mind for Bilyak and the team when evaluating security vendors. Bilyak wanted to ensure that there wouldn’t be any downtime in HackerOne’s email infrastructure and that Material’s solutions wouldn’t be invasive within their systems.

“One of the things I always evaluate is how easy and fast it is to roll back a deployment. Material is such a straightforward setup, and it would have been really easy to turn it off if it didn’t work out. That put our minds at ease,” Bilyak said.

“Material is such an impactful tool, while also being so low-touch within our environment itself, that it was just a no-brainer to roll out quickly. The risk of completely messing up the rollout was so minimal.”

Additionally, security and compliance reviews can typically be a major roadblock during product evaluation, especially for a highly security-conscious company like HackerOne. But after meeting with Material’s team and learning about the product’s single-tenant deployment model, the HackerOne team immediately felt comfortable knowing that they would have complete privacy and control over their data.

Since the successful rollout, Bilyak has enjoyed a great partnership with Material:

“The one thing that’s always impressed me with Material is that they are usually a step ahead in terms of my feature requests. Every time we go over the roadmap, 90% of the things I came into that meeting wanting to request are already on there with a deliverable date.”

HackerOne’s team is excited to continue making Material integral to the comprehensive detection and response program they’re building internally.
