Blocking threats at scale and improving cybersecurity posture without increasing headcount
Mercury Financial is a non-bank financial services company focused on expanding financial inclusion. It helps credit-challenged, near-prime consumers build credit and enjoy better lives. The company provides over 1 million consumers with a total of $4.7 billion in credit lines.
Boost security, maintain compliance, improve the user experience, and secure workloads on AWS cloud
Shrinks the attack surface for AWS and user devices
Supports and protects a nearly 100% remote workforce
Reduces IT support-related tickets by 76%
Increases user efficiency by 100%
Results in minimal downtime from ransomware or other threats
We see Zscaler as a leader in this space because it is all-inclusive and covers every facet of zero trust. To get the same functionality we get from Zscaler elsewhere, we would have to deploy several vendor solutions.
A born-in-the-cloud company, Mercury Financial maintains a competitive edge in the financial services sector through advanced technology tools that help its customers responsibly manage their credit.
Dedicated to continuous improvement through innovation, the company recently transformed its traditional security architecture and built out a risk-based, cloud native security program. Three factors drove this initiative: compliance with financial services regulations like PCI DSS and others, replacing traditional VPN technology to improve the user experience and traffic visibility, and adding more robust security controls to its Amazon Web Services (AWS) environment.
The IT and security team embraced zero trust to elevate the company’s overall security posture and protect against potential threats. This was the genesis of their Zscaler Zero Trust Exchange (ZTE) implementation.
“The Zscaler Zero Trust Exchange platform provides us with a comprehensive methodology for zero trust for application access. We see Zscaler as a leader in this space because its comprehensive platform covers multiple facets of zero trust. To get the same functionalities we get from Zscaler elsewhere, we would have to deploy several vendor solutions,” said Arjun Thusu, Chief Information Officer, Mercury Financial.
As part of its digital transformation initiative, Mercury Financial deployed Zscaler Internet Access (ZIA), which protects users from threats and enhances connectivity, regardless of where they work. With secure direct-to-internet and direct-to-SaaS connections, users enjoy an improved user experience when accessing web or SaaS applications like Jira for software development project management and Microsoft 365 for general business use.
The company relies on ZIA for threat containment through its artificial intelligence (AI)-powered capabilities such as phishing detection, C2 botnet and evasive threat detection, and suspicious website identification. Zscaler Advanced Firewall, which is part of ZIA, follows highly mobile Mercury Financial users wherever they go, providing full inline traffic inspection, detection of encrypted threats hiding in non-standard ports, and always-on intrusion prevention.
“We believe that every device should be protected in the same way a data center would be. With the addition of Advanced Firewall to ZIA, we have a materially better posture that’s needed to keep our users secure,” said Alex Arango, Head of Cyberthreat Management.
During the pandemic, the Mercury Financial team had to act fast to move its entire workforce to VPN, but the flaws and risks inherent in this approach quickly became apparent, namely, uncontrolled and insecure access to the AWS platform and a poor user experience due to latency as well as repetitive logins and authentication. VPN proved unsustainable over the long term, opened the door to potential attacks, and lacked the agility required for a distributed workforce.
The company replaced its VPN with Zscaler Private Access (ZPA). ZPA provides users, regardless of where they are, with fast, seamless access to private applications that run on AWS.
“For a workforce that’s nearly 100% remote, ZPA offers a seamless experience, provides vastly improved protection, and reduces the support burden. Implementing ZPA was a resounding success! Executives and other employees can now get safe access anywhere their travels take them and across a myriad of devices,” said Chief Information Security Officer Anthony Cunha.
Prior to the Zscaler implementation, Mercury Financial chose CrowdStrike Falcon as its all-in-one cloud native endpoint and workload security solution. The team favored CrowdStrike over other solutions because it provides a managed detection and response (MDR) solution, automated remediation, and built-in threat intelligence.
The company sees the integration between CrowdStrike and Zscaler as a differentiator and an important enabler for its zero trust strategy. Mercury Financial is taking full advantage of the Zscaler-CrowdStrike integration to facilitate threat intelligence and telemetry sharing and broaden the scope of endpoint protection at the network layer. For example, Zscaler incorporates the latest list of indicators of compromise (IoCs) detected by CrowdStrike, such as malicious URLs, and protects endpoints from threats by proactively blocking these sites.
“When a user attempts to visit a suspicious website, whether CrowdStrike or Zscaler is the first to detect this activity, we’re able to share that threat vector so that we have cross-coverage and can ensure that the threat is mitigated on both ends. That enriched network intelligence allows us to protect the whole picture, not just the user’s device, but also the paths to the cloud and applications surrounding it as well,” said Jason Smola, Enterprise Security and Infrastructure Architect.
The integration also leverages the security posture of devices and adapts access to applications accordingly, closing off potential attack vectors to valuable enterprise data. Additionally, Zscaler Sandbox detects threats before malware reaches devices and coordinates with CrowdStrike to pinpoint impacted devices in the environment and remediate them more efficiently.
To further broaden its zero trust ecosystem, Mercury Financial has adopted many other Zscaler-integrated solutions, including Okta for user authentication and access level verification. The Zscaler-Okta Security Assertion Markup Language (SAML) integration authenticates user identities, allows users access only to authorized applications, and automatically provisions and deprovisions users as needed.
Okta also sends managed and unmanaged device statuses to Zscaler via SAML. Additionally, Zscaler and Okta integrate with each other via the System for Cross-domain Identity Management (SCIM), which allows Mercury Financial to dynamically manage access rights to applications for new hires, transfers, and exits.
“The Okta-Zscaler integration is a versatile and agile solution that complements our Zscaler zero trust approach. It has vastly improved the user experience and provides better risk-based access controls,” said Smola. “Users can now breathe a giant sigh of relief thanks to the SAML integration, which enables single sign-on to access multiple services. Users are no longer burdened with remembering multiple passwords and usernames.”
Mercury Financial also benefits from Zscaler integrations with AWS and from integrations with other leading AWS partner solutions, such as VMware Workspace One for simplified mobile device management.
“With these Zscaler integrations, we can run our operation like an efficient multilane highway, with vehicles going simultaneously in the same direction and at the same speed,” said Smola.
With most employees working from home or remotely, Mercury Financial needed a solution to help with finding, troubleshooting, and correcting user issues. Zscaler Digital Experience (ZDX) fits the bill perfectly, with its ability to continually monitor for and provide root-cause insight into SaaS-related problems.
“ZDX has really increased data insights, and this enables us to diagnose connectivity issues more easily. Our users really appreciate it too because it makes them more productive by reducing the time required for the help desk to solve problems,” said Smola.
Mercury Financial is benefiting from Zscaler integrations with AWS as well as leveraging benefits from integrations with other leading AWS partner solutions, such as CrowdStrike, Okta, and VMware Workspace One.
The Zscaler deployment was seamless. It was a team effort, consisting of in-house experts, Zscaler Professional Services, and the professional services team from Optiv (the company’s preferred value-added reseller, who guided the technology assessment and assisted with procurement).
One of the things that stood out for Smola during the deployment was the importance of having a strong understanding of the network prior to initiating this architectural shift. He and his team thoroughly identified their most critical and valuable data, assets, applications, and services. Once they had a good handle on that, the process was smooth and efficient.
“Zscaler provided us with a great opportunity to dig deeper. We found all kinds of things we weren't expecting to find that we were able to remediate with Zscaler,” said Smola. “My advice to other organizations looking to deploy Zscaler is to really know their existing network inside and out—from whitelisted URLs to locating their data. That’s paramount to success.”
The Zscaler zero trust architecture has benefited Mercury Financial in numerous ways—from curbing threats by reducing the attack surface to increasing the efficiency of the small security team.
“Zscaler zero trust has allowed us to carve out our entire infrastructure into isolated segments, so that the extent of compromise is minimal. If an attacker does gain a foothold in our stack, instead of it affecting 20 servers, it only affects one. It reduces our blast radius and the potential infection of east-west movement, so our ability to remediate has soared exponentially,” said Smola.
Ever since the ZTE deployment, Mercury Financial has had zero downtime due to malware or ransomware. Additionally, the IT team has seen a 76% reduction in support tickets and a 100% improvement in the user experience.
The team also points out that Zscaler has made them more efficient and given them greater peace of mind.
“Instead of being mired in minor issues or having to spend time managing lots of unintegrated tool sets, Zscaler’s multiple layers of protection give us that relaxed feeling, which is priceless. You can’t put a monetary value on that,” explained Cunha.
From an overall company standpoint, zero trust supports Mercury Financial’s cutting-edge position in the financial services sector.
“We're able to differentiate ourselves from our competitors in that we have adopted zero trust and are using best-of-breed solutions from best-of-breed vendors like Zscaler, CrowdStrike, Okta, and others,” added Cunha.
Mercury Financial EVP of Strategy Steve Carp reinforces how Zscaler has been a real game changer for the company. “We love it! It’s so much easier and faster than the previous solution. It feels like we are in the big leagues now,” he said.
A current work in progress is the company’s implementation of Zscaler Workload Segmentation (ZWS). Microsegmentation is a critical strategy for Mercury Financial as a way to reduce risk level by provisioning access on a need-to-know basis.
The company is especially interested in using ZWS to microsegment Amazon Elastic Compute Cloud (EC2) instances, which they typically use for DevOps. ZWS will enable the team to apply identity-based protection to workloads, with policies that automatically adapt to the environment in which they are running. This will further minimize the network attack surface.
Zscaler Deception is another product the team is interested in exploring to detect and contain IoCs early. It populates the environment with decoys hidden from valid users—such as fake endpoints, applications, databases, computers, and other resources—to lure attackers. Once interactions with these decoys are detected, an alert is issued, allowing security teams to generate threat intelligence and take action to shut down malicious activity.
Mercury Financial also plans to migrate its applications and resources to other cloud service providers to build on their success with AWS, creating a “supercloud.”
“With our flexible Zscaler framework, we can apply consistent security policies across different cloud service providers and data centers, and that could be a huge benefit for us as we grow the company,” said Cunha.
Disclosure: The information in this document is published for informational purposes only. Views expressed herein are not intended to be and should not be viewed as advice or as a recommendation. Any opinions expressed in this document and related links are the opinions of the individual author and may not reflect the opinions of Mercury Financial. This document