Texas Mutual Insurance Improves Cyber Risk Governance with AppSOC

Texas Mutual Insurance (TXM) is a leading provider of workers' compensation insurance in Texas, serving approximately 75,000 businesses across the state. With over 1,000 employees and a network of more than 9,000 agents, TXM plays a crucial role in ensuring that businesses and their employees are protected against workplace injuries. As a major player in the financial services industry, TXM faces significant challenges in managing its security posture, especially given the increasing complexity of cyber threats.

The rapidly evolving landscape of cybersecurity posed several challenges for TXM’s security team. The primary issue was the overwhelming volume of data generated by multiple disparate security scanners. Each scanner had its own risk scoring system, leading to inconsistent risk assessments and a lack of coherent risk-based prioritization. The security team struggled to compile a comprehensive security posture that was both accurate and up to date, which was crucial for effective decision-making and reporting to management.

• Vulnerability Overload
• Inconsistent vulnerability prioritization
• Lack of application-level risk visibility

To address these challenges, TXM implemented the AppSOC platform, a comprehensive security solution designed to streamline and enhance the organization's application security management. The AppSOC platform was specifically chosen for its ability to ingest data from multiple scanners, aggregate, deduplicate, correlate, and prioritize this data based on risk parameters tailored to TXM’s unique needs.

One of the key features of AppSOC is its risk-based prioritization. This feature allows the security team to focus on the most critical vulnerabilities, reducing the noise generated by redundant and low-priority alerts by over 90%. By mapping vulnerabilities to the application hierarchy, the platform provides consistent visibility across tools, enabling the security team to quickly identify and address the most pressing risks.

AppSOC’s integration capabilities also played a significant role in its selection. The platform was seamlessly integrated with existing tools such as Jira for ticketing, MS Teams for notifications, and Okta for single sign-on (SSO). This integration ensured that the security team could manage incidents and vulnerabilities efficiently without disrupting their established workflows.

AppSOC was chosen by TXM for several reasons:

‍1. Risk-Based Prioritization: AppSOC’s ability to prioritize vulnerabilities based on risk was a game-changer for TXM. This feature enabled the security team to focus on the most critical issues first, ensuring that resources were allocated effectively to mitigate the most significant threats.

‍2. Mapping to Application Hierarchy: The platform’s ability to map vulnerabilities to the application hierarchy provided TXM with a clear understanding of where the risks were located within their infrastructure. This mapping was crucial for making informed decisions about where to focus remediation efforts.

‍3. SLA Tracking and Integrated Compliance Controls: AppSOC’s built-in SLA tracking and compliance controls ensured that TXM could meet regulatory requirements and internal policies. This feature was particularly important in the highly regulated financial services industry, where compliance is a top priority.

‍4. Comprehensive Integration: The ability to integrate with TXM’s existing tools and platforms, such as Veracode for SAST/DAST, Tenable for vulnerability management, CrowdStrike for CSPM, APISec for API security, Jira for ticketing, MS Teams for notifications, and Okta for SSO, made AppSOC a perfect fit for TXM’s environment. This integration minimized disruption and allowed the security team to continue using the tools they were already familiar with.

‍Return on Investment (ROI)

The implementation of AppSOC resulted in significant cost savings and operational efficiencies for TXM. Prior to using AppSOC, TXM spent over $500,000 annually on consultants to compile application security posture reports. These reports, however, were almost immediately outdated due to the constant evolution of cybersecurity threats. With AppSOC, this cost was completely eliminated, as the platform automatically compiles and updates security posture data in real-time. In addition, the reduction in redundant and low-priority alerts by over 90% allowed the security team to focus on high-impact vulnerabilities, improving the organization’s overall security posture. The time saved on managing and correlating data from disparate scanners translated into more time for the security team to focus on strategic initiatives and proactive threat hunting.

‍Customer Testimonial

John Sapp, the Chief Information Security Officer (CISO) at TXM, highlighted the impact of AppSOC on the organization’s security operations: “With AppSOC, I can truly identify my risk and exactly where it exists. AppSOC does all the heavy lifting to get me the data I need.”

This testimonial underscores the value that AppSOC brings to TXM, particularly in terms of risk identification and data management. By providing a clear, prioritized view of vulnerabilities, AppSOC empowers the security team to make informed decisions quickly, reducing the overall risk to the organization.