From Overwhelming Alerts to Streamlined Social Media Protection
Business Overview
First Command Financial Services is a major financial services provider based in Fort Worth, Texas. The specialize in financial planning, wealth management and securities trading for members of the military. First Command manages over $22 billion in funds and services a quarter million US families. Founded in 1958, First Command now boasts 171 worldwide offices. With such an impressive history on the line, they need streamlined social media protection.
Wasting Time Sifting Through Irrelevant Data
In October of 2015, First Command purchased a listening tool to monitor for malicious mentions of their brand and their people on social media. The tool proved to be ineffective. It regularly crashed, and it was slow. Because it was based on simple keyword matching, it regularly produced 30,000 alerts in a single week, nearly all of which were noise. Monitoring for mentions of First Command or an executive’s name, if it was a commonly occurring name, would trigger a flood of irrelevant data. Less than a quarter of which actually referenced First Command.
The volume of false positives resulted in 10 man hours of work per week for the team. In addition, the platform was highly inflexible and did not respond to First Command’s feedback or product requests. By 2016, they had stopped using the tool altogether. The defunct tool they had been using had to be replaced by something more powerful, more dynamic, and more flexible, relative to their needs.
This solution would have to address a variety of challenges. Those include identifying malicious chatter around their brand and key employees, sniffing out fake accounts, checking for employees violating compliance, analyzing suspicious activity around their owned accounts, and finding phishing URLs squatting on their domains.
ZeroFox's Approach to Social Media Data: Streamlined Social Media Protection
First Command joined as a ZeroFox customer in February of 2016. First Command was unsure what assets existed in the social world, let alone which ones to protect. Using the ZeroFox Platform, ZeroFox worked closely with their team to map their critical assets, discover accounts, prioritize protection, rapidly configure the platform and enter a vast amount of asset groups. Within a few short days, ZeroFox helped First Command identify over 500 unique asset groups that required protection.
Contained in each asset group was a slew of names, images, hashtags, key phrases, accounts and more that dictated data ingestion at a massive scale. Although ZeroFox was ingesting considerably more data than the previous tool, over 23 million pieces of content in 2016, the volume of alerts plummeted and the quality skyrocketed.
Leveraging much more advanced and finely tuned analysis than the old tool, ZeroFox’s solution only triggers alerts for the things that matter to First Command. The key to ZeroFox’s success with First Command is a respect for data. First Command monitors for risks surrounding hundreds of different people and brand assets That results in terabytes of diverse data across a multitude of social media channels.
The volume of data analyzed by ZeroFox is shocking. And at the end of the day, I only see the alerts that truly matter to First Command.
ZeroFox’s data ingestion system can support dynamic data at scale, constantly collecting and normalizing new information as it changes in the social media landscape. To analyze this data effectively, ZeroFox employs data science techniques and advanced machine learning algorithms to separate true positives from false positives.
ZeroFox Flexibility Tackles First Command's Diverse Use Cases
In addition to the data-driven precision of the ZeroFox Platform, First Command leverages its flexibility. First Command uses ZeroFox to look for a variety of diverse risks. They have identified URLs squatting on their owned domains, fraudulent accounts imitating their executives & brands, noncompliant employee posts, and scams targeting customers. At the core of ZeroFox’s flexible analysis is FoxScript. It's an open scripting language that gives full control of ZeroFox’s advanced analysis engine to the First Command team.
Leveraging FoxScripts, organizations can fine tune alerting thresholds, monitor for organization-specific language and keyphrases, and create custom policies for any use case that matters to them. ZeroFox has worked with First Command to create custom FoxScripts. These are specifically around unique internal compliance policies. The most recent FoxScript rolled out by First Command identifies unique, malicious chatter around the organization. This new layer of functionality addresses both brand protection and corporate security. It ensures their previous listening tool can be put to rest for good.
A Future Without Social Media Compromise
ZeroFox and First Command worked together to quickly remediate an account takeover in progress. After suspicious activity was identified on the First Command’s Twitter account, ZeroFox worked directly with the social network to ensure the attack was stopped immediately. ZeroFox advised First Command on account privacy and security best practices. And worked with them to implement a more robust social media security plan. In the end, the attack was thwarted before the intruder could send a post or do any lasting damage.