Intermex Reduces Critical Vulnerabilities by 98% with Falcon Exposure Management

Learn why this leading money transfer service consolidated on the CrowdStrike Falcon platform

May 21, 2024


Intermex is a leading money transfer service, moving over $24 billion USD annually across Latin America and beyond. Because financial gain is a primary goal among cybercriminals, Intermex requires modern cybersecurity to protect the company and its 4.5 million customers.

In 2019, Intermex made the strategic decision to adopt the AI-native CrowdStrike Falcon® platform along with CrowdStrike Falcon® Complete for managed detection and response (MDR). In the years since, Intermex has consolidated on CrowdStrike, deploying protections across its endpoint, identity and cloud environments.

A key focus in that work has been reducing critical vulnerabilities. When Intermex CISO Daniel Hereford took over in 2022, one of the first things he evaluated was the company’s vulnerability management practice. “Vulnerability management is a top place for CISOs to start if they really want to make an impact,” said Hereford.

At the time, Intermex used a legacy, scanner-based vulnerability management vendor, along with a managed service provider that delivered vulnerability information once a week and performed joint review only once a month. A total-volume metric of thousands of vulnerabilities, along with patching activities, was reported to the Board regularly. But as an experienced CISO, Hereford knew to question things a bit more.

Critical Vulnerabilities Left Unpatched

Shortly into Hereford’s tenure, Intermex performed an internal audit. The auditors sampled a number of essential servers and reported that each one had 50+ critical vulnerabilities present, indicating a significant vulnerability management problem.

At the same time, Intermex was growing fast — and so were its assets. As its IT infrastructure grew, the company’s traditional vulnerability management program was falling further and further behind. Some critical vulnerabilities existed for months before they were patched.

“If you fall behind on vulnerabilities, it can snowball into a monster,” said Hereford.

Moreover, Intermex lacked clear context into which vulnerabilities to address first. The team worked busily to patch but wasn’t able to effectively prioritize efforts based on actual risk to Intermex. Clearly, a change was needed.

“The previous tool was very good at scanning our environments and spitting out a lot of information. At some point in the journey, that was enough,” said Hereford. “But I saw an opportunity to bring a risk-based approach to exposure management and change how we handle vulnerabilities. That’s when we turned to CrowdStrike.”

Falcon Exposure Management from CrowdStrike

Intermex, already a CrowdStrike customer for several years, had deployed the AI-native CrowdStrike Falcon® XDR platform for protection across multiple attack surfaces. One benefit of CrowdStrike’s unified platform is that it allows customers to easily test and deploy additional security capabilities using their existing lightweight Falcon agent and console.

With the Falcon agent already on his endpoints, Hereford decided to trial CrowdStrike Falcon® Exposure Management, an agent-based vulnerability and exposure management tool that uses the power of AI and the Falcon platform to provide 360-degree visibility and proactive risk reduction.

“I turned it on Friday afternoon and planned to come back Monday to take a look,” said Hereford. “Once I turned it on, the telemetry immediately started flowing, and I could see right away that we had a significant problem.”

Intermex soon licensed Falcon Exposure Management to handle its vulnerability management challenges. The solution provided instant visibility into vulnerabilities present on systems. Hereford found CrowdStrike’s proprietary ExPRT.AI prioritization scheme particularly useful in further narrowing down the massive number of vulnerabilities to an actionable few. ExPRT.AI uses CrowdStrike’s built-in real-time threat intelligence, along with XDR detection events, to effectively predict the vulnerabilities’ exploitability.

“You cannot eliminate all vulnerabilities … and you can actually burn out your IT team with too much patching activity. So it’s critical to prioritize the most important risks to tackle,” said Hereford. “CrowdStrike allows us to do that.”

Changing the Security Culture at Intermex

Hereford also made the decision to bring the vulnerability management program in-house and establish a cross-functional team, which meets weekly to tackle the highest priority vulnerabilities. He went as far as telling IT teams to focus on remediating only vulnerabilities categorized as critical by ExPRT.AI. It didn’t take long for Intermex’s security, IT and executive teams to embrace the modern approach, kicking off a new era of collaboration and effectiveness.

“In less than a year with Falcon Exposure Management, we reduced critical vulnerabilities by 98% in our DMZ, 92% across our entire server board and 86% on all workstations,” said Hereford. “Those are massive improvements that I was proud to present to the board.”

In addition to a structured vulnerability management program, Intermex also has new protocols for handling zero-days. Falcon Exposure Management’s rapid vulnerability assessment capability lends itself well to emergency response. Both the vulnerability management and SOC teams at Intermex use Falcon Exposure Management to stay on top of zero-days and cross-reference information across the Falcon platform to respond — a shift from traditional vulnerability management tools, which are typically used by vulnerability management teams only.

Finally, the external attack surface management (EASM) capabilities of Falcon Exposure Management enable Intermex to discover external-facing IPs and correlate them to an internal view of assets, drastically improving the team’s ability to track down unintended exposures and prioritize risk remediations.

“It took about eight months of sustained heavy activity, but our program is unrecognizable from where it started,” said Hereford.

Consolidating with CrowdStrike

Intermex has deployed other Falcon platform modules to further protect the company from cyberattacks. Previously, it had limited visibility into its Microsoft Azure environment. With CrowdStrike Falcon® Cloud Security, Intermex gets the industry’s most complete cloud-native application protection platform (CNAPP) with unified visibility across its cloud and apps.

“We have a lot of cloud-native assets — we’re not all servers,” explained Hereford. “With Falcon Cloud Security, we expanded protection to some of our cloud endpoints and cloud-native workloads using our existing Falcon agent.”

He took a similar approach with identity security, replacing a point solution with CrowdStrike Falcon® Identity Protection, managed by the Falcon Complete team. Now, as identity attacks surge, Intermex gets robust identity protection from the unified Falcon platform.

All in all, since adopting the Falcon platform, Intermex has been able to eliminate two agents and two consoles — reducing complexity while improving security outcomes.

“I love the Falcon agent. It’s a powerful unified agent that can drive endpoint, identity, exposure management, SIEM and many other use cases,” concluded Hereford. “From the exposure management improvements to consolidating on the Falcon platform, we’re definitely very impressed with CrowdStrike and pleased with the results.”
