.svg)
Insurtech
Enterprise
Global
Lemonade, a trailblazer in insurtech with a globally distributed team, offers a range of insurance products in the United States and Europe. As a regulated, public company, Lemonade’s security practices are an important component in its assurances to the public market. Lemonade’s leadership understands security is essential for protecting its customers' data, and for maintaining its hard-earned reputation as a leading insurance provider.
Today’s active threat landscape generates many questions in executive offices and boardrooms. When a trending threat enters the news cycle, Lemonade leaders want to know Lemonade is protected. They look to CISO Jonathan Jaffe for answers. Jaffe knows that buying the best XDR isn’t enough to meet the security challenges of today's landscape, so to extend his umbrella of protection, he explored several options.
Internal Red and Purple Team exercises proved expensive and inefficient, often dragging out for months and creating remediation bottlenecks upon completion. Attempts to automate this process using technologies such as breach and attack simulation (BAS) and automated pen-testing solutions also fell short, and came packaged with deeply lopsided costs-to-values.
In all cases, two assurance-driven requirements were not being met:
Chief Information Security Officer | Lemonade
Jaffe’s search and evaluation cycle stopped when he found Prelude’s production-scale detection and response testing platform. Because there were no hurdles to jump through, his team could get started for free and see immediate value. “We quickly recognized Prelude was in a class of its own,” he says. “Not only is Prelude delivering on its claims of testing at scale, in production environments, but it has unique XDR integrations which make exposure remediation fast, and easy. Best of all, we could create a proof of concept without even talking to sales.”
Lemonade effortlessly scaled Prelude to its entire heterogeneous production estate, comprising macOS, Linux, and Windows endpoints. With Prelude in place, taking threat intelligence and assessing Lemonade’s security posture suddenly became simple for Jaffe and his team. “Prelude’s lightweight testing infrastructure enables us to take our threat intelligence and make it actionable at the speed at which threat actors work. Threat intelligence decay is no longer much of a concern for us.”
Instead of making decisions using partial information, Jaffe leans on Prelude to confidently relay information. “I need to be able to go into any conversation with the board and have the knowledge and confidence to say, ‘I know, with certainty, we are protected’, which is what Prelude has been able to give me. By installing Prelude on all endpoints, we are able to run a test, collect intelligence, and march into meetings with conviction about the state of our security posture.”
Prelude’s philosophy and technology align with security leaders who, like Jaffe, pursue actual security, not compliance-driven security theater. “I don’t want a scanner or virtual machine-based product that generates noise. I want a solution that produces evidence.”
For Lemonade, control validation is only part of the equation. Jaffe was adamant about the ability to remediate XDR soft spots in a new solution. “Prelude’s ability to close exposure cannot be understated.”
Jaffe recognizes the impact of Prelude’s one-of-a-kind defensive integrations and the value they unlock. “If there’s ever an indication that our defensive controls are not meeting expectations, Prelude has a proposed solution, or a remediation, already in place. This saves our team time that would otherwise be spent engineering and implementing protections, or communicating with our XDR vendor, to implement a protection capability.”
Prelude presents Jaffe and his team with remediations that fill the protection gaps, encompassing everything from failing sensors to missing IoAs or misaligned policies. “Prelude takes control validation a step further by enabling closed-loop detection engineering. If there is missing telemetry, detections, or preventions, Prelude provides a fix.”
Chief Information Security Officer | Lemonade
