Use Case: Analyst Platform & Endpoint Protection
Industries: Insurance
Team Size: 5'000 – 10'000
Want to convince yourself?
Reach out to us and get a full demo.
Book a Demo

La Mobilière

Case Study

How la Mobilière, Switzerland’s oldest insurance provider, is protecting its clients with Threatray

Founded in Bern in 1826, la Mobilière is Switzerland’s oldest private insurance company operating on a cooperative basis. Established as one of the country’s leading insurance providers, la Mobilière is renowned for its unwavering reliability and dedication to providing customer-centric insurance solutions.

As they continue to serve more than 2.3 million customers, la Mobilière is always looking to partner with organizations that can offer them the latest support and technology that will help keep their customers safe. With this in mind, they were looking to strengthen themselves against future attacks and wanted deeper visibility into the unknown and potentially malicious code running on their infrastructure, as well as new technology that would improve their signal-to-noise triage process.

More efficient & faster triage of malware-related alerts, reducing time to detect and respond

Full Visibility into unknown code running on endpoints

2nd line of defence to catch in-memory attacks missed by others

Ever evolving challenges

One of their biggest challenges was protecting themselves against open-source offensive tooling like SharpHound, Mimikatz and Havoc. Attackers using these tools are constantly tweaking code to bypass EDR and other detection technology. While la Mobilière is strong in defending against such attacks, they wanted to take it to the next level and explore new defence solutions.

Alongside this, la Mobilière also lacked visibility into endpoint memory. Memory has always been a blind spot for traditional detection technologies, making it the perfect weak spot for advanced attackers to exploit. To try and tackle this issue, Sandro Beffa, Cyber Security Analyst at la Mobilière, explains:

"We were using manual memory forensic techniques in our investigations, but it wasn’t enough. We needed something that would scale memory analysis and detection across all our endpoints and could be used by all team members."

Cutting-edge technology 

Posed with these challenges, la Mobilière took to the market and began looking for products that would solve these issues. Using extensive adversary simulation techniques, they tested products against real-world conditions to ensure their effectiveness. 

In every test, Threatray exceeded the team’s expectations, and in several attack scenarios it was the only tool that could catch advanced attack techniques using in-memory attacks and fabricated malware variants. Threatray also amplified ambiguous alerts coming from EDR and other detection technology, which speeds up alert triage.

Threatray’s full suite of tools 

With Threatray the obvious choice, the team quickly integrated the full Threatray product line. Threatray is now fully integrated into their EDR and SOAR and is used in every part of the process, from detection and triage to response workflows.

This integration automatically triggers memory collection and implant analysis from endpoints that generate malware-related EDR alerts.

La Mobilière is also using its EDR to collect, at scale, unknown files that are executed on their endpoints. These are then fed into Threatray for deep code analysis and intelligence. With full visibility into unknown code running on their endpoints, detection gaps are closed, and Threatray’s intelligence and investigation capabilities make for a quick and seamless triage process.

For additional support, la Mobilière also uses Threatray to periodically scan and analyze endpoint memory on all its endpoints to defend against in-memory attacks that often go undetected.

Supported, efficient teams

As Sandro Beffa notes:

"Working with Threatray has allowed us to go deeper than ever before into advanced detection and binary intelligence. In doing so, our teams are now equipped to make decisions faster and the result is more efficient and supported teams."

Threatray and la Mobilière: the future

La Mobilière will continue its partnership with Threatray, safe in the knowledge that Threatray’s AI code models store every piece of memory and file collected in a repository for an indefinite period of time. As new malware threats emerge, Threatray can re-analyse the entire binary repository and check whether la Mobilière has previously been affected by the threat.

As the landscape continues to change and new threats continue to emerge, Threatray empowers la Mobilière by providing them with the tools and support they need to continue delivering an outstanding service to their clients that’s come to define them since their beginnings nearly 200 years ago.

About Threatray

Threatray is the leader in binary intelligence and detection of malware and goodware. Threatray gives analysts and enterprises unique capabilities, powered by AI models for binary code, and a highly scalable search engine for code, quickly matching unknown samples against a rapidly growing database of 100+ million binaries.

Contact us at contact@threatray.com or via our website www.threatray.com
