LV= Takes a Data-Driven Approach to Cybersecurity with Cymulate

Cymulate enables us to have data-driven conversations about cybersecurity. No more opinions. It’s just the facts.

- Dan Baylis, Chief Information Security and Data Officer

Challenge

Dan Baylis joined LV= in 2022 as Chief Information Security and Data Officer and quickly identified that the cybersecurity team lacked the required analysis of its security posture to drive data-driven conversations around its security. With an in-house staff of 10, an outsourced 24x7 SOC provider and third-party specialists for pen tests and red team exercises, the LV= cyber program was missing the data and insights that Dan needed to measure how defenses and processes minimize exposure.

Dan and LV= faced challenges common to many cyber programs:

• Lacked continuous security validation

  LV= conducted annual penetration tests like most other organizations, but the results provided point-in-time snapshots of the organization’s security posture.

• Labor-intensive and time-consuming testing of emergent threats

  The process to validate against emerging threats was extremely inefficient. It included manually researching the threat’s IOCs, testing controls against the IoCs, implementing any control changes if the threat did get through, and repeatably retesting to validate the mitigation.

• No consolidated view of security posture

  LV= was using security tools that were not integrated with one another. Additionally, the security team had difficulty aggregating all the information it received from its third-party SOC and red team vendors, causing everyone to work in silos.

The Cymulate Solution

LV= needed a solution that could be easily implemented and provide the organization with continuous security control validation, metrics, and reporting. Dan recalled, “When I joined LV=, Cymulate was the first vendor I added to our security stack. We required a solution that works. As a previous user, the product speaks for itself.” The Cymulate products were easy to configure and integrated with the team’s existing security stack to provide a consolidated view of all its security activities.

The LV= team continues to appreciate the support they receive from the Cymulate customer success team. Karl Ward, Head of Cybersecurity, elaborates, “The fast turnaround from the Cymulate support team is key. It is key to have a technical account manager who understands the tool and helps us maximize its capabilities.”

The LV= team uses Cymulate to:

Benefits

Since implementing Cymulate, the LV= security team has noted significant improvements to its security organization.

• Increased data-driven conversations about security controls
  Cymulate provides facts and data regarding how safe LV= is against threats, and this information leads all its security conversations.

• Empowered SecOps that drive real improvement
  The platform’s automation and real-world attack assessments create engaging projects that expand skills and keep SecOps employees motivated.

• Increased efficiency
  The support of the Cymulate Threat Research Group and the automation for repeatable and accurate testing eliminates the need for more security professionals to scale activities.

• Validated investments
  The security team uses Cymulate’s reporting to show stakeholders risk reduction after implementing new tools.