Asurion Case Study

Asurion Gets Proactive to Escape Vulnerability Overload and Reduce Business Risk

Solutions:

  • Risk Operations
  • Unified Vulnerability Management
  • Proactive Security
  • Exposure Management
  • Vulnerability Management Automation
The Couple Looking at The Tablet with The Company Name "Asurion"

Annual Revenue

$8.5 Billion

Industry

Insurance, Consumer Services, CPG

Results of creating the risk operation center with Brinqa

Technical Report Line Icon

90% Fewer

Critical Vulnerabilities

Home Security Line Icon

8M Vulnerabilities

Processed Daily

Cloud Security Line Icon

Single ROC

Consolidated IT, App and Cloud Vulnerability Mgmt into Risk Operations Center

Asurion faced a significant challenge in managing and mitigating risks across its vast infrastructure. With assets and vulnerabilities spread across multiple technology teams and regions, the company struggled with a lack of visibility and the ability to prioritize and remediate the most critical risks.

 

Before adopting Brinqa, Asurion was forced to consolidate data from a collection of half a dozen scanners and tools for vulnerability scanning. However, the disparate nature of these tools made it difficult to obtain a holistic view of the risks that mattered most. The team manually exported data into CSV files and used Power BI and PowerPoint for reporting, resulting in fragmented insights and a lack of actionable intelligence.

 

Asurion’s vulnerability management program was managed using manual spreadsheets and Power BI which were inefficient, leading to unaddressed cyber risk and frustrated team members. They reached their tipping point when it became clear that the firehose of vulnerabilities and exposures coming from applications, cloud, and traditional infrastructure would never slow down.

 

The pre-existing approach to vulnerability management no longer sufficed as the number of vulnerabilities generated by the business continued to grow. There was no movement forward even with a risk identified and mitigation agreement. At some point, the vulnerabilities lost meaning. It was a losing battle to attempt to address all of the vulnerabilities they were tracking. “As a business we were approaching that moment when it might be difficult to say in good faith that vulnerabilities were managed in an effective manner,” said Kirk.

 

Something HAD to change. Based on the experience of the company’s CISO, Jim Desmond, the team decided to move to a risk-based approach to exposure management. By doing so, they would jump off the hamster wheel of chasing every vulnerability and take a more pragmatic, more strategic approach to reducing actual risks rather than cleaning up vulnerabilities.

The Search for a Solution

Asurion’s leadership recognized the need to pivot from their existing vulnerability management approach, which was based on a maturing model, towards a more risk-focused strategy across their attack surface. The CISO, backed by the CIO, prioritized this transformation, understanding that the company would remain vulnerable without an effective way to measure and mitigate risk.

 

Asurion needed a solution that would allow them to group assets, servers, and code as business services and provide visibility into the true impact of vulnerabilities. After evaluating several options, including ServiceNow, Asurion chose Brinqa for its flexibility and the ability to customize how vulnerabilities were viewed and managed across the organization.

Customer Vulnerability Management Goals

  • Focus remediation efforts on the vulnerabilities and findings that pose the biggest risk to the business
  • Maintain a live, detailed picture of assets, including ownership, to hold business and technical teams accountable for risk reduction
  • More effective collaboration using a team approach to risk reduction across business leaders, technical teams and security
  • Consolidation of vulnerabilities, findings, and asset data from 20+ tools across their applications, cloud and traditional infrastructure
  • Reduction of business-critical vulnerabilities and resolution of backlog
Customer Vulnerability Management

Results and ROI

Building the Risk Operations Center

The proof of concept (POC) with Brinqa was a pivotal moment for Asurion. The strong pre-sales support and the platform’s adaptability to Asurion’s needs convinced the team that Brinqa was the right choice. As a company with a “built-it” culture, Asurion valued the freedom Brinqa provided in tailoring the platform to fit their unique requirements.

 

With Brinqa, Asurion created a Risk Operations Center that offered unprecedented visibility into their vulnerability landscape. The platform allowed them to:

Understand and Prioritize Risks

Brinqa enabled Asurion to move beyond raw data and focus on understanding which vulnerabilities posed the most significant risks to the business. By grouping assets and correlating vulnerabilities with business impact, Asurion could effectively prioritize remediation efforts.

Managing Threats and Exposures

Brinqa introduced real-world threat data into the equation, helping Asurion prioritize exposures actively being targeted by cybercriminals and further focusing remediation efforts.

Ensure Accountability

Brinqa introduced a new level of accountability within Asurion. Business owner counterparts were held responsible for the risk scores of their respective areas, akin to a “credit score” that measured how well risks were being managed. This shift in accountability ensured that the right resources were allocated to mitigate risks that mattered.

Cleared Out Backlog of Vulnerabilities

Now, infosec, IT, and development are all on the same path, working together to clear out a massive backlog of the vulnerabilities that pose the business risk to the business and are making progress, not falling behind.

Streamline Remediation

With Brinqa, Asurion could finally answer critical questions: Are we remediating the right risks? Do we have the necessary resources to address these vulnerabilities? The platform provided the insights needed to ensure remediation efforts aligned with the company’s risk priorities.

Implementing Brinqa

Since implementing Brinqa, Asurion has seen a dramatic improvement in its ability to manage vulnerabilities across its global infrastructure. The platform processes approximately 8 million vulnerabilities daily, with plans to integrate an additional similarly sized data source. While the volume of data is immense, Brinqa’s flexibility has allowed Asurion to tailor the platform to meet its needs, though performance and reporting capabilities have been areas noted for improvement.

 

“We developed and implemented a vulnerability remediation strategy with the insights Brinqa provided, initially focusing on our crown jewels and working our way down the priority list.” Jim Desmond, CISO, Asurion

 

Asurion’s leadership views Brinqa as a critical partner in their cybersecurity strategy, providing the expertise and tools needed to navigate the complex world of risk management. The success of the Risk Operations Center is a testament to the value Brinqa brings to the table, transforming how Asurion understands and mitigates risks across its enterprise.

Conclusion

Brinqa was the lynchpin technology that Asurion needed to support Jim’s vision and move from a fragmented and reactive approach to vulnerability management to a proactive and strategic one. By building a Risk Operations Center with Brinqa at its core, Asurion has gained the visibility, accountability, and insights needed to protect its global infrastructure and reduce the risks that matter most.

See a Brinqa demo

Let us impress you with a demo of Brinqa. We’ll show you exactly how the bringa Platform proactively protects your enterprise.

SHOW ME BRINQA
The Software Showcase of The Brinqa Functionalities

Explore additional use cases

Nestle

Nestlé Modernizes & Unifies Vulnerability and Risk Management with Brinqa Threat Exposure Management Platform

Learn More
SAP

SAP Doubles Vulnerability Management Team Productivity, Reducing More Risk Across the Business

Learn More