Mercury Financial Builds a Security Ecosystem Around CrowdStrike
Mercury Financial is a Texas-based credit card and consumer lending company. Founded in 2013, the fintech company has embraced cloud computing to help deliver a premium user experience to its one million customers and counting.
But with a cloud-native environment that requires complete protection of its infrastructure and customer data, Mercury Financial needed more than just security tools — it needed a full suite of products, services and threat intelligence.
The company partnered with several legacy security vendors over the years, but the performance just wasn’t there. As it tapped into new markets and added new customers, Mercury Financial needed a modern solution that could support the scalability of a cloud-native environment and seamlessly protect cloud resources such as dynamic container environments.
Mercury Financial also wanted to consolidate its security stack with a single platform to protect endpoints, cloud and workloads. That’s when it turned to CrowdStrike.
Creating a Culture of Security
After testing several solutions, Mercury Financial chose the CrowdStrike Falcon® platform. Now, the company has a single interface to protect its entire IT infrastructure, including AWS and Azure cloud environments.
“It all starts with endpoints and identity,” noted Anthony Cunha, CISO at Mercury Financial.
The company uses CrowdStrike Falcon® Insight endpoint detection and response, and CrowdStrike Falcon® Identity Threat Detection as a first line of defense. Together, these tools provide automated threat detection and real-time visibility into front-line threats.
CrowdStrike Falcon® Cloud Security with Containers allows Mercury Financial to understand its current threat status for cloud workloads, and respond to incidents and risks faster. At the same time, CrowdStrike Falcon Horizon® cloud security posture management (CSPM) scans the company’s cloud infrastructure to detect and remediate misconfigurations and vulnerabilities.
All told, CrowdStrike has helped Mercury Financial reduce endpoint agent management issues by 8x and eliminate false positives. Now, instead of remediating around 100 endpoint workloads a month, it’s handling around 12, providing faster threat detection and remediation, better security and compliance reporting for stakeholders, as well as security consistency across the organization.
“By giving us end-to-end protection, CrowdStrike has helped us build a culture of security,” said Alex Arango, Head of Cyber Threat Management and Deputy CISO at Mercury Financial.
Mercury Financial also uses CrowdStrike to support its “shift left” strategy to introduce security early in application development, including container scanning and Kubernetes protection. Software developers use Falcon Cloud Security reports to resolve security issues before releasing to production. This helps developers accelerate time-to-market of new apps, products and services, and deliver a better and safer customer experience.
“Partners like CrowdStrike allow us to scale quickly, secure our entire infrastructure and bring new products and solutions to market much faster,” said Arango.
An Ecosystem of Security Experts
When it comes to managed detection and response, Mercury Financial turned to CrowdStrike Falcon® Complete, a managed service that functions as an extension of the fintech company’s security operations center (SOC). This allows Arango and his team to spend less time on mundane security tasks and more time on high-value operations.
“We wanted a force multiplier,” Arango said. “CrowdStrike gives us the ability to be more of a cyber intelligence and cyber fraud team … moving us from cybersecurity to overall security.”
Mercury Financial takes a holistic approach to cybersecurity that includes protecting customer information, users and business operations. To help achieve this, the company has formed strategic partnerships with CrowdStrike, AWS, Okta and Zscaler.
Together, these partners give Mercury Financial an integrated security ecosystem to further its Zero Trust ambitions. Security telemetry is shared between vendors, ultimately helping the company better manage complex threat fabrics and regulatory frameworks, while differentiating itself from competitors.
“The partners we pick are leaders in their field. They see the latest attacks and methodologies, and collaborate to break down security silos and deliver a 360-degree view of the threat landscape,” said Arango. “We couldn’t do it without them.”
Security That Customers Can Trust
At Mercury Financial, CrowdStrike provides more than just products and services. It also provides threat intelligence via CrowdStrike Falcon® Intelligence, a solution that adds context to detections and automates investigations to help the fintech firm make better, faster decisions.
CrowdStrike also helps the company with various IT tasks, including change management, reporting, third-party vendor onboarding and launching new services.
Together, the full suite of CrowdStrike solutions has helped Mercury Financial transform its security posture, while reducing cost and complexity. But it’s not only Mercury Financial that benefits from CrowdStrike.
“CrowdStrike protects our customers as well,” concluded Arango. “By helping us build a rock-solid security culture, CrowdStrike has given our cardmembers peace of mind knowing their credit card data is protected.”