Safeguarding Employees and Clients at Mariner Wealth Advisors with Zero Trust Email Security

Two weeks

to seamlessly rollout to employees

More time back

for the analysts to focus on strategic programs

New visibility into risk

to help transform executives into champions

"Taking a Zero Trust approach to email security is critical because malicious content is always going to get through. Blockers might catch 98% of attacks, but the answer is not to get from 98% to 99% because it's still not bulletproof. It's better to take that money and invest in something like Material."

Thomas Brittain, Director of Infosec

"The risk analytics from Material helped provide the data we needed for executive buy-in. It helped identify any potential risks we had in the mailbox and prioritize accordingly."

CHRIS COOK, SVP OF TECHNOLOGY

“We do a lot of end user training and awareness. Material Security’s ‘report suspicious message’ is the glue between training and action. We get to tell users ‘great job’ for reporting an incident. Now they have something they can do to make the whole company safer.”

Thomas Brittain, Director of Infosec

Mariner Wealth Advisors focuses on partnering with clients to create a financial strategy that’s built to last. They put clients first, providing flexibility whether it’s a change to their financial plans or the way they want to collaborate. But delivering flexibility can increase risk, especially when it comes to protecting the sensitive content associated with being in the finance industry.

That’s where Mariner Wealth Advisors’ security and technology team comes in. Meet Thomas Brittain, Director of Infosec and Chris Cook, SVP of Technology. Their goal: frictionless security.

“You can be the security team that says “no”, but you’ll end up with folks going around your rules and seeing Shadow IT as a result. Or you can instead find the right way to allow your users to work the way they want to while staying secure.”

Chris Cook, SVP of Technology, Mariner Wealth Advisors

Phishing Response: Addressing Time to Remediation

Financial services firms are a top target for threat actors with the involvement of sensitive information. It’s no surprise that Mariner Wealth Advisors’ security team sees frequent spear phishing attempts.

The security team would spend hours working through a phishing incident using Office 365’s built-in tooling. “If we saw a threat and tried to run a search within a few minutes, we had to wait for indexing before we could even run an investigation," says Chris. We’d see it, wait 10 mins, then run a soft delete. Is this an incident? Do we need to log? What was the magnitude? This became a full time job.”

The team also had to fall back to writing queries in Powershell to seek out similar messages and senders, find other recipients, and then remediate. It was “a race to the keyboard.”

“If we saw a threat and tried to run a search within a few minutes, we had to wait for indexing before we could even run an investigation. We’d see it, wait 10 mins, then run a soft delete. Is this an incident? Do we need to log? What was the magnitude? This became a full time job.”

Chris Cook, SVP of Technology

On top of that, there was an exposure time gap between the first phishing email hitting a user’s inbox and when the team could remediate. In that time, employees could fall victim to a malicious link or file, or reply or forward those emails to others. Even with an outsourced SOC to help with repetitive daily phishing response tasks, the team still needed help with their #1 metric: time to remediation.

The team deployed Material’s Phishing Herd Immunity to help provide real-time remediation. Here’s how it works:

  1. An employee flags a message that gets through as suspicious (using existing training workflows).
  2. Material helps automatically find and cluster similar messages across the organization as the attack unfolds.
  3. The security team sets customized, auto-remediation rules so that the organization is instantly protected with one user’s report. Manual security review becomes less urgent.

With a seamless two week rollout to the employee base, user training was as simple as “click this new button instead of the old button”. The helpdesk is usually overwhelmed with requests when deploying new services. But in this case, the team didn’t hear a single complaint. The security team could also share feedback with Material’s built-in reporting (e.g. the attack hit 10 mailboxes, 1 user clicked on the link, and we remediated within 45 seconds). Users felt empowered that they could help protect the organization instantly.

“We do a lot of end user training and awareness. Material Security’s ‘report suspicious message’ is the glue between training and action. We get to tell users ‘great job’ for reporting an incident. Now they have something they can do to make the whole company safer.”

Thomas Brittain, Director of Infosec

Users appreciated the simplicity, and Mariner Wealth Advisors saved tens of thousands of dollars by removing third party phishing triage costs. Plus with the automatic clustering, the team no longer had to conduct manual searches in investigations. This helped free up the analysts’ time to focus on strategic new features and progress other security programs.

Protecting Sensitive Data in Employee Inboxes

Mariner Wealth Advisors also wanted to protect any sensitive data and files sitting in users’ inboxes and archives. But in order for the security team to quantify the risk for management, such as how many credit card numbers, social security numbers, and other sensitive data types were in existing mailboxes, they faced a ton of manual work that took away from other projects.

The data gathering started with message searches which were very time consuming, not sustainable, and nowhere near real time. Then they’d have to run analysis on top of the data to get to anything actionable. This was also only a single point in time. To be able to do this continuously, they would need full time resources.

"The risk analytics from Material helped provide the data we needed for executive buy-in. It helped identify any potential risks we had in the mailbox and prioritize accordingly."

Chris Cook, SVP of Technology

Users and executives were typically skeptical of new security controls. But Thomas and Chris used these data-backed risk findings to justify the urgency to improve data protection in the inbox. "The risk analytics from Material helped provide the data we needed for executive buy-in. It helped identify any potential risks we had in the mailbox and prioritize accordingly," recalls Chris. Rather than push back, executives ended up champions with this new visibility into risk. 

Now that all were onboard, the team needed to secure the sensitive content in email while not disrupting user workflows. Material’s Leak Prevention solution checked all the boxes. Any emails with sensitive content were automatically found and redacted. When users needed to retrieve a message, they just needed to use their existing Okta app to authenticate access and “unlock” the message.

“By creating a simple, non-disruptive workflow for our users, it just became ‘how we do business now.’ We can sleep better at night AND keep our users productive.”

Thomas Brittain, Director of Infosec

Extending the Zero Trust Mentality to Email

Email is Mariner Wealth Advisors’ main communication tool and thus the #1 platform they focus on de-risking. Knowing that no solution is ever 100% perfect in catching threats, Mariner Wealth Advisors needed a zero trust strategy for email. Chris underscores: "Material helped us flip our email security strategy on its head. We have visibility the other way around now - we’re proactive vs reactive. I tell everyone about Material."

Mariner Wealth Advisors' inside-out approach helped secure users and clients while maintaining productivity.

"Material helped us flip our email security strategy on its head. We have visibility the other way around now - we’re proactive vs reactive. I tell everyone about Material."

Chris Cook, SVP of Technology, Mariner Wealth Advisors

To explore what Material can do for your business, request a demo here.

Back to top