PagerDuty Upgrades Email Security in the Midst of COVID-19 and WFH

Reduces risk of data loss, improves visibility and policy compliance, and upgrades phishing response

Summary

  • PagerDuty identified email as both a common attack vector and a potentially high-risk target. 
  • Email generally lacks risk visibility, enhanced Data Loss Prevention (DLP) for email archives, and automated phishing response capabilities.
  • When the shift to WFH increased the need for further visibility and enhanced controls, PagerDuty accelerated a broad rollout of Material.
  • Material helped PagerDuty identify and prioritize top email risk factors, standardize and automate security controls and streamline auditing and compliance.

“We are using Material Security to reduce the risk related to email—including improved phishing response, data leakage prevention, and sensitive data discovery. It takes the guesswork out of email security.”

— Lisa Hall, Director - Head of Information Security, PagerDuty

PagerDuty is the central nervous system for real-time digital operations at over 13,000 organizations, including nearly 60% of the Fortune 100. The publicly-traded company is a household name in DevOps and IT and has led the recent renaissance in infrastructure monitoring and response, serving customers around the globe. PagerDuty is mission-critical for every single customer, and teams place unparalleled trust in the security of the company and the platform. PagerDuty’s team works non-stop to maintain that trust.

The Information Security team led by Lisa Hall is tasked with protecting Dutonians (PagerDuty’s employees), the company, and customer data. Lisa recognized that the out-of-box email platform features, though offering basic protections, lacked the risk visibility and scalable security capabilities commensurate with the risks facing email. Material Security, on the other hand, offered her team the ability to further protect sensitive data in PagerDuty’s mailboxes—a requirement that was top-of-mind and supported compliance initiatives. More broadly, Lisa wanted a modern solution that could provide "visibility into email risks and the ability to administer them at scale and for specific users/groups, as well as an automated response to phishing."

Christine Chalmers, Technical Program Manager on the security team, led a smooth implementation of Material despite the added urgency from the shift to work-from-home (WFH) and new COVID-inspired security threats. By partnering with Material, PagerDuty improved visibility and management of email risk, streamlined the ability to audit and comply with policies, and reduced the operational burden for the on-call team responding to the flood of incoming suspicious messages. Material even became a catalyst for other security initiatives:

"As a result of rolling out Material, we accelerated improvement in authentication practices, standardizing on the most secure methods."

— Christine Chalmers, Technical Program Manager, PagerDuty

COVID-19 and the rapid shift to WFH require a new look at email controls

When word in her network pointed Lisa to Material, she was already well aware of other options in the market, including traditional email gateways. She liked the unique approach that wasn't available elsewhere: 

"I like that it's not archaic compared to other vendors, that it's focused on new ways to protect cloud email, and that CISOs I trust are having success with it."

— Lisa Hall, Director - Head of Information Security, PagerDuty

PagerDuty kicked off a pilot. Lisa shared, "The actual technical implementation of it was super easy—we did it in 2 minutes." Then, COVID-19 forced Dutonians to work from home, creating a need to look at current controls and make some improvements, including addressing an influx of phishing attacks taking advantage of the worries created by the virus. PagerDuty accelerated its implementation timeline:

"Our COVID-19 task force identified Material Security as something that could quickly and easily further protect us in the shift to full work-from-home."

— Christine Chalmers, Technical Program Manager, PagerDuty

Material’s Risk Analytics improves risk measurement, policy compliance, and authentication practices

PagerDuty started with Material's Risk Analytics, which surfaces risk factors in three key categories: employees' email accounts, the third-party apps they use, and the external partners they interact with. Risk Analytics clarified which accounts were forwarding messages, which SaaS apps were in use, which email settings needed adjustments to improve compliance with policies, and several other risk factors.

Most organizations strive to enable MFA for all accounts. Risk Analytics let PagerDuty validate this control at scale and extend MFA protection to the “last mile”. For example, PagerDuty chose to move away from using shared email accounts to Groups, which required every recipient’s email account to use MFA. Getting this change onto the internal roadmap, and the migration itself, were quick and easy because Risk Analytics specified the scope. Today, PagerDuty regularly audits MFA use as part of its security and compliance efforts.

"Visibility is my number one driver for implementing Material. You can’t protect what you don’t know. Now, we have visibility, we can audit at any time, and we have the metrics. No more guessing that something is risky when we can quickly measure it."

— Lisa Hall, Director - Head of Information Security, PagerDuty

Leak Prevention and ATO Prevention keep sensitive data and apps safe

PagerDuty's existing investment in an advanced MFA solution soon paid dividends for a whole new use case: securing access to sensitive messages in mailbox archives. Material invented Leak Prevention to protect mailboxes by redacting sensitive messages in place and adding a quick extra layer of authentication to retrieve them on demand. Lisa also liked the ability to receive alerts when someone attempts to access multiple sensitive documents, which can be a sign of misuse.

Christine used the Risk Analytics dashboards to plan the rollout: "All of this data made it easy to identify the best team to work with for piloting and how to tune the policies for Leak Prevention."

"With Material's Leak Prevention, we can further protect sensitive data in email. We can show these controls to our auditors, assure our customers, and reduce the risk of loss."

— Lisa Hall, Director - Head of Information Security, PagerDuty

Material's Account Takeover (ATO) Prevention functions similarly to Leak Prevention to protect connected accounts against takeover via a compromised email account. ATO works by asking users to pass a quick challenge using an additional factor before accessing password reset emails. Lisa explained why ATO prevention mattered:

"We use a lot of SaaS services. Protecting them from inappropriate access is critical. Material gives us peace of mind because it prevents account takeovers even if a particular service is not set up with SSO and MFA."

— Lisa Hall, Director - Head of Information Security, PagerDuty

Christine rolled out ATO in parallel with Leak Prevention to Dutonians while they were all working from home:

"It's transparent to the users—we had no challenges in rolling it out. It has been smooth for people to get their emails and reset their passwords."

— Christine Chalmers, Technical Program Manager, PagerDuty

Phishing Herd Immunity crowdsources protection and streamlines on-call

COVID-19 brought another security challenge—an increase in new phishing attacks. Lisa decided to deploy Material's Phishing Herd Immunity to reduce the on-call team's load and protect Dutonians. Christine concluded that the protection would be simple to turn on during an already-significant adjustment period for many employees.  

Phishing Herd Immunity allows one employee's phishing report to automatically protect the entire company from similar suspicious messages, across all mailboxes, without the bottleneck of a manual investigation.

"Material’s Phishing Herd Immunity allows automated blocking and responding to suspicious messages on a greater scale than was possible before."

— Lisa Hall, Director - Head of Information Security, PagerDuty

PagerDuty uses Material to automatically find similar messages to reported messages and “defang” payloads (like links and attachments) even after messages have been delivered. Defanged payloads can be blocked or subtly modified to create “speed bumps”, which warn (and train) users at exactly the right moment. Phishing Herd Immunity quickly proved itself after a rapid rollout:

"Material substantially reduced the stress of the work for the on-call team. If you flag a message as suspicious, Material will protect everyone. If it's a false positive, mark it as non-suspicious, and Material takes care of it all."

— Christine Chalmers, Technical Program Manager, PagerDuty


Material’s painless deployment facilitates a fast implementation wall-to-wall

Lisa and Christine addressed their email security priorities on an accelerated timeline to further protect PagerDuty and its customers against new threats. With visibility into how Dutonians use the company’s information in different departments, they can identify more ways to secure how work gets done. 

Looking back at her experience so far, Christine found the implementation straightforward and appreciated the guidance from the Material team:

"The team was responsive and helped us weigh the next best action for the rollout. I'm impressed with the low risk of implementing Material. We haven’t had to include many dependencies, and the tool itself is so intuitive to the end-users."

— Christine Chalmers, Technical Program Manager, PagerDuty

Lisa agreed:

"The responsiveness of everyone on the Material team was amazing. We are now using all the capabilities that Material has to offer."

— Lisa Hall, Director - Head of Information Security, PagerDuty