AXA XL Manages Their Risk Exposure with Comprehensive Data Breach Intelligence.

About the customer

AXA XL is the P&C and specialty risk division of AXA, known for solving even the most complex risks. AXA XL offers traditional and innovative insurance solutions and services in over 200 countries and territories.

Vendor Risk Management is essential to containing an organization’s risk exposure. As well as reputational damage, data breaches can cause significant financial consequences with fines involving GDPR exceeding $175 million USD in 2020 alone.

Leading organizations recognize that partnering with third-party vendors can put data outside the organization’s control. For AXA XL, it was imperative that they manage that risk, and mitigate the potential business impacts.

Monitoring the Supply-Chain

AXA XL is one of the leading insurance and reinsurance firms in the United States, with truly global reach, serving clients in over 200 countries and regions.

AXA XL works with thousands of unique third-party vendors, each with their own purpose and responsibility for company assets.

Artea (Tia) Evans, Information Security Specialist at AXA XL, faces a daunting challenge. She is responsible for managing and tracking all of the third-party vendors in AXA XL’s network and makes strategic decisions when entering new business partnerships.

Tia was quick to discern that without comprehensive and actionable data, making those strategic decisions would be near impossible. The tools at her disposal could only monitor a fraction of her supply chain, and she knew that there were certain vendors that were processing sensitive
AXA XL assets.

She needed an encompassing view of the organization’s risk exposure and a way to easily digest that information and report her findings to her management team.

Tia needed comprehensive data and technical flexibility that allowed for a “single pane of glass” where she could view every vendor relationship and manage them in realtime.

Fortunately, Cyber Risk Analytics® by Risk Based Security®, provided the capabilities she needed to make her vision of third-party governance a reality.

“We tried to build one page where you can look at a supplier and see all aspects of the relationship. What are we hiring them for? What kind of data do they have in their environment? It was too much. There were too many and I didn’t even have fractions of our suppliers in our systems. I had to make sure that we had continuous monitoring.”

– Artea (Tia) Evans, Information Security Specialist at AXA
XL

A Single Pane of Glass

Cyber Risk Analytics (CRA) is the standard for data breach intelligence, risk ratings and supply chain monitoring. It is the most comprehensive record of data breaches occurring worldwide, and includes rich metadata with up to 68 attributes such as known court costs, lawsuits, and involved third-parties. The data contained with CRA, as well as its powerful features, allows AXA XL to achieve continuous monitoring of their supply chain and perform vendor due diligence and performance auditing.

By digesting data through CRA’s RESTful API, Tia’s team is able to feed data into a widelyused SAI Risk-Based Manager platform and track every organization they care about. By working with Risk Based Security’s world-class support team, Tia has been able to not only create a “single pane of glass” to monitor her vendors, but also to push the boundaries using CRA’s proprietary PreBreach® tool.

“Risk Based Security has given me something no one else has been able to. Cyber Risk Analytics enables us to continually monitor the risks and vulnerabilities of our third-party supply chain involving the security of our assets. It has allowed us to take breach intelligence and translate that into dollars when negotiating.”

Combining Data Breach and Vulnerability Intelligence

In her pursuit of achieving continuous monitoring of her vendors, Tia combined PreBreach, a unique CRA feature, with research from Risk Based Security’s VulnDB® product, marrying data breach and vulnerability intelligence to provide deeper insight into AXA XL’s risk profile.

PreBreach solves the impracticality of formal audits and check-box assessments by providing organizations like AXA XL the ability to make informed risk decisions about current and potential suppliers, clients, partners, acquisition targets, and more. The tool continuously inspects the public domains of AXA XL’s vendors, and generates risk profiles based on over 1,000 security attributes, 55,000 data breaches, and 287,000 software vulnerabilities.

Tia’s team feeds this data into their security tool, granting them a full overview of their potential exposure. They can see if, or how many times, a vendor has been breached, and what vulnerabilities exist on their public domains. By mapping this data with VulnDB, Tia is able to calculate the potential dangers those vulnerabilities pose to AXA XL based on CVSS scores, affected products and more.

“On a one to ten scale, Risk Based Security’s support team is an eighteen. I’ll come to RBS and say, I have an idea, and they make it happen.”

Better Data Saves Time and Money

Armed with this better data, Tia’s team has been able to repeatedly meet their targets, and the effectiveness of their third-party review process has enabled them to stand out among the AXA group.

By using Cyber Risk Analytics, AXA XL valuable time, resources, and money. According to Tia, her ability to better monitor and manage her vendors has allowed her to enable the organization to generate revenue in a secure way.

“Historically, security was a process inhibitor. Now, we walk arm-in-arm with the business. I want them to make money, but I want them to be secure and not incur financial breakage. We want to avoid bad business arrangements and that is what CRA helps us do.”

The comprehensive data provided by CRA offers Tia proactive visibility into all of her third-party vendors who host or handle AXA XL’s digital assets. CRA monitors over 114,000 organizations, and contains details on over 4.7 billion compromised credentials and over 107 billion records exposed.

Begin your free trial today.