GAFG partners with NetSPI to address network & application risk

NetSPI +
Customer Story Download PDF

Global Atlantic is a leading U.S. retirement and life insurance company based in New York

My journey to GAFG

In 2018, I moved on from a decade-long career as a pen-tester/cybersecurity consultant to join Global Atlantic Financial Group (GAFG), a leading US retirement and life insurance company. At GAFG, I lead our Cyber Threat and Vulnerability team focusing on identifying risks and threats in our environment.

When I started, GAFG’s infosec program was dependent on vendors to pinpoint some of the technical risks that can be more difficult to identify. A review of previous reports from security vendors revealed no significant issues, which I know is quite rare to see over a multi-year period of assessments from having provided the same types of services to hundreds of companies myself. As I began to perform my own assessment of the network, I discovered easily identifiable high-risk issues (passwords in group policy preferences) had not been previously identified despite having been exposed before the other vendors’ pen-tests were performed.

Why I chose NetSPI

To help improve our security program’s ability to identify and address network and application risks beyond unpatched software, I knew we would need the help of a trustworthy, multifaceted cybersecurity firm to get the job done right.

In search of a highly capable proactive security vendor, I began the RFP process with a few of the top companies in the space. Having relied on the security research and tools from NetSPI security experts like Scott Sutherland during my time as a cybersecurity consultant, I felt confident in the technical acumen of their team. Along with the positive brand recognition, I felt NetSPI would be able to deliver the best value for my team at a reasonable price.

  • Penetration Testing ( PTaaS )
  • Threat Modeling
  • Social Engineering
  • Detective Control Testing
  • Red Team Engagement
  • NetSPI Solutions
    Detective Controls Testing | Penetration Testing (PTaaS) | Red Team | Social Engineering | Threat Modeling
  • Industry
    Insurance, Financial Services
  • Employee Count
    1k-5k
  • Headquarters
    New York, United States
  • Website
    globalatlantic.com

Customer spotlight

My peace of mind

From the start of my team’s partnership with NetSPI, I felt welcomed and valued as a customer. The sales team members I continue to work with are great and extremely responsive – attributes I highly value coming from a professional services role myself.

  • Adrian Vargas – VP, Cyber Threat & Vulnerability

Comprehensive testing Threat modeling, red teaming, and more

When NetSPI began performing our external and internal network penetration tests, I immediately saw value delivered in the vulnerabilities discovered early in their assessments.

  • Their testing was very comprehensive compared to other vendors, diving further into our external web properties than others had in the past and uncovering SQL error messages that would make any security leader nervous to leave undetected. They also uncovered some novel findings in our internal network, and one great value-add was the detail they put into proving out each attack chain.
  • In addition to penetration tests, NetSPI has performed successful phishing campaigns, threat modeling, red team engagements, and detective control testing for us. The detective controls testing was very valuable because it showed us that there are attack venues and kill chains that could potentially go undetected.

Into the future Long term success

From working with NetSPI, my team has been able to demonstrate our ability to prevent, detect, and respond to threats more effectively with the investments in our security stack. By better understanding the most likely attack vectors, we have been able to strengthen our detective controls.

  • The success of our first year working with NetSPI teed off a great second year, where we allocated additional funds to spend on NetSPI’s assessments. As a result of our second-year assessment findings, we built a business case to hire two additional people and form a new adversary emulation and detection team, otherwise known as our purple team.
  • NetSPI continues to be a truly independent security assessor and advisor for us at GAFG as we continue to grow our own internal capabilities. I look forward to what the future holds working together.

Explore More Success Stories

Software

How NetSPI Helped Microsoft Build Trust in AI Security with a Framework That Delivers Results

Daniel Moore
Principal Security Assurance Engineer

“NetSPI has demonstrated the ability to listen and adapt as needed to emerging business requirements. They have consistently invested in ways that ensure their effectiveness in delivering the outcomes we need.”
Healthcare

Quantum Health: Redefining Benefits Navigation with Proactive Engagement and Cost Savings

Michael Morabito
Information Security Officer

“NetSPI Detective Control Testing allowed me to eliminate unnecessary spend, acquire discounts for insurers, and give my board confidence to continue to invest in us”

Insurance

Everywhen Partners with NetSPI to Elevate TLPT Standards and Build Unparalleled Trust

Justyna Larkowska
CISO, Everywhen

“NetSPI Red Team consultant’s transparency, attention to detail, and commitment to building strong relationships make them feel like an integral part of your internal team, not just an external vendor.”