‹  All Case Studies

SavvyMoney protects financial data in the mailbox and beyond

Instant value realization

Actionable insights without the learning curve

Fatigue-free alerts

More focused attention, less triage for SecOps

Impressed compliance auditors

Exceeded expectations with advanced controls

“I can sleep better knowing that my teammates are being protected while Material is automatically doing the backend work to say whether something looks suspicious, legitimate, or is a full stop.”

Giovanni Sanchez, Systems Engineer

“It’s even better that any financial data is secured behind an effective barrier that is unique to Material because of the step up auth to access anything sensitive. I love that.”

Giovanni Sanchez, Systems Engineer

“It puts you in rarified air – to work with a vendor that is so easy to work with.”

Giovanni Sanchez, Systems Engineer

SavvyMoney brings much-needed modernization and personalization to the credit score industry. With access to real-time financial data spanning thousands of banks and credit unions, the importance of data security is critical. Not only does it underpin the trust in their customer relationships, it also ensures ongoing regulatory compliance.

As a forward-thinking company, SavvyMoney chose to partner with Material Security because of our comprehensive approach to securing their cloud office suite. Specifically, we offer enhanced visibility and advanced email & data protection for Google Workspace, delving deeper than the surface of the inbox.

We spoke with Giovanni Sanchez, Systems Engineer at SavvyMoney to learn more about the company’s positive experience working with Material Security, the meaningful outcomes of a successful rollout, and his perspective on striking the right balance between security and productivity.

We met Giovanni at Okta’s annual user conference, Oktane, where he stopped by our booth to learn more about what we do. That chance encounter quickly connected the dots at the right time for Giovanni, who was on a mission to bolster his company’s security measures across Google Workspace.

“The improvements to the environment have been incredible”

Giovanni Sanchez, Systems Engineer, SavvyMoney

Seeking a better way to triage email attacks and prevent unwanted data exposure

As email attacks grow more sophisticated and frequent, they present a relentless challenge for Security Operations teams of every kind and size. Wishing to avoid an unending cycle of whack-a-mole, Giovanni sought alternatives to the traditional gateway-based email security vendors he had previously engaged with.

While the company generally excelled at identifying suspicious emails, managing the triage process became increasingly challenging as the volume surged. Solely relying on Google's built-in detections meant that many problematic emails slipped through, and an excessive number of unwarranted alerts were triggered. “When it becomes a more constant, frequent aspect of my day-to-day operations, it becomes more of a heightened concern because I worry about all the potentially dangerous situations within our environment", said Giovanni.

While enhancing detection quality was an integral component, it wasn't the sole requirement. Giovanni's keen insight led him to a solution like Material, understanding that email isn't merely a vector — it's also the primary target. According to the Verizon DBIR 2023, 36% of all data breaches involved email as an asset. When handling sensitive financial data, safeguarding the contents of everyone's mailboxes becomes paramount; these are repositories filled with historical transactions and interactions.

Given this perspective, Giovanni and his team sought a holistic approach to cloud office security — one that effectively prevents unauthorized access to sensitive content, rather than just being another superficial traffic scanner.

Enter Material.

Immediate value realized from a quick and painless rollout  

Conducting a POC with Material was straightforward for Giovanni and his team. The smooth API integration with Google Workspace took mere minutes to set up. However, what truly captivated Giovanni was observing the development of risk insights as more mailboxes were enrolled.

With Material Posture Management, administrators gain enhanced visibility into user behavior and system configurations that would be difficult to find otherwise. Our class of Risk Analytics surfaces actionable insights such as what sensitive data exists in mailboxes, which users have MFA bypasses, which third-party apps are used across the organization, and more.

Material Risk Analytics

“The ‘aha’ moment that set it in stone for us was seeing the amount of email transactions we did within one year was in the millions. When we saw it all in the Material dashboard – at that point it wasn’t a Proof of Concept, it was Proof of Value.”

Giovanni Sanchez, Systems Engineer, SavvyMoney

Saving hours of triage burden every day

Anyone who has worked a day in Security Operations has felt the overwhelming burden of alert fatigue and triage volume across a range of sources and services. Alerts and triage workflows exist for a reason, however, so the aim is to have the highest quality systems in place that catch the right things, and provide clear and direct remediation paths.

With Material Phishing Protection, we pride ourselves in best-in-class detections that don't rely on a single source, rather a multi-pronged approach that includes built-in rules, advanced AI/ML, open source libraries, and more. The result – cases that get created for triage deserve to be triaged, and teams gain a powerful toolkit to inspect the environment quicker and more effectively.

“I love getting alerts when people are trying to view sensitive information. It makes me happy to see those because I know it’s working.”

Giovanni Sanchez, Systems Engineer, SavvyMoney

Keeping data safe from account misuse

Advanced detections of incoming messages are pivotal in keeping malicious actors at bay from mailboxes. However, as Giovanni rightfully noted, email security is as much about the data that exists in mailboxes – they’re a vast repository of historical transactions and interactions that are bound to contain sensitive and classified information.

With Material Data Protection, we offer a unique method of protecting data that involves redacting sensitive content within a user's mailbox while adding an additional verification step for user access. If the user is properly authenticated, they can swiftly access the required information. If they aren't, their actions are promptly thwarted, preventing potential damage.

“We have security inside the mailbox because it’s hitting the flags of PII and transaction records and it’s immediately locked up after the grace period.”

Giovanni Sanchez, Systems Engineer, SavvyMoney

Ensuring unknown apps aren’t lurking in the shadows

An additional challenge for every IT & Security team is getting ahead of Shadow IT. While every company has policies & procedures to procure applications, business users still tend to sign up for 3rd party applications on their own.

With Material Identity Protection, we’re able to detect a class of emails that are directly correlated with application usage – password resets, account activations, and account verifications. This allows us to surface a report to administrators that tells them which users are using which apps, providing the option to add an extra layer of authentication or block the application entirely.

“With the rise of Shadow IT, it’s great that we now have visibility into which users are creating which accounts in various applications. Now we can decide whether to bring that in-house when we see patterns, and it no longer becomes shadow.”

Giovanni Sanchez, Systems Engineer, SavvyMoney

Maintaining a healthy balance between security and productivity and compliance

As Giovanni quickly discovered and appreciates, Material champions a model where security complements productivity rather than competes with it. By incorporating features such as redacting sensitive content with step-up authentication, users can quickly and safely access what they need when they need – without unnecessary hurdles. Unauthorized users, however, find themselves effectively contained. In this manner, the business can ensure interactions and transactions are natural, while security operations teams are comfortable with the flow of sensitive data – the best of both worlds.

“Every component of Material is easy to maneuver and easy to use. It’s not overly complicated, and it shouldn’t have to be. Security should be something that you can understand.”

Giovanni Sanchez, Systems Engineer, SavvyMoney