SAFE Acquires Balbix to Create the Ultimate AI-native Platform for Unified Cyber Risk and Exposure Management. Read Press Release close-icon

Carvana: Driving Cyber Resilience Up, Insurance Down

quote Icon

“SAFE's use of AI isn’t just a gimmick like many security vendors. Their use of generative AI, deep learning, and classic machine learning techniques is a core part of the platform, enabling us to deeply understand, quantify, and rapidly reduce our cyber risk across our environment.”

Dina Mathers Dina Mathers

CISO

Industry

Automotive Retail

Geography

USA

Size & Revenue

10,000+ Employees

40%

Reduction in Breach Likelihood

25%

Reduction in insurance premiums and improved coverage by 2x

200% ROI

In less than 9 months

Carvana’s Security Challenges

Carvana operates a diverse infrastructure to support its cybersecurity program, employing various security tools. Before SAFE, Carvana utilized multiple agents and scanners deployed across workstations to collect data on assets, software, and vulnerabilities that required intricate processes to consolidate information and identify blind spots in security coverage. Carvana did not have a singular, authoritative source of truth in place.

Carvana used traditional vulnerability scanners to detect vulnerabilities, which presented complexities in identifying and remediating security vulnerabilities due to administrative overhead and delays. Carvana needed a system to determine which vulnerabilities should be prioritized for remediation with appropriate business context, and its technical teams were in search of a more effective way to communicate cybersecurity risks to non-technical teams.

Today, Carvana continues to maintain a cloud-first approach with a significant portion of its infrastructure hosted in the cloud. Leveraging native cloud technologies, Carvana aims to optimize operations and enhance security in alignment with its innovative business model.

How SAFE Solved Carvana’s Security Challenges with AI

With SAFE, Carvana was able to gain visibility into vulnerabilities and misconfiguration, and assess the impact of emerging threats in real-time more reliably, resulting in more rapid response to zero-day vulnerabilities. Moreover, with SAFE’s cyber risk quantification (CRQ), they could prioritize risks for remediation effectively based on business impact.

By converting cybersecurity risk data into easily understandable metrics, SAFE enabled stakeholders, even those with non-technical backgrounds, to engage more effectively in Carvana’s cybersecurity discussions.

SAFE helped to bridge communication between technical and non-technical teams by quantifying cybersecurity risks in Carvana’s environment, offering clear and understandable metrics suitable for all stakeholders, including those with non-technical backgrounds. This effectiveness is demonstrated through SAFE’s capability to provide comprehensive risk quantification and easily interpretable metrics for the entire organization. SAFE’s breach likelihood and breach risk metrics, expressed in dollars, enabled effective prioritization of risks for remediation based on business impact. Additionally, SAFE’s native connection between vulnerabilities and patching, including metrics such as Mean Time to Patch (MTTP), enhanced Carvana’s overall cybersecurity management capabilities and key performance indicators.

 

“By significantly improving our security posture with SAFE and quantifying our risks, we were able to secure a 25% reduction in our cyber insurance premium, double our coverage, and unlock more options to increase coverage–options that weren’t available to us before.”

Dina Mathers, CISO

Why Carvana Chose SAFE

Carvana meticulously evaluated various cyber risk management solutions, considering critical criteria to address the organization’s needs, and selected SAFE as its preferred cybersecurity solution for three reasons.

First, SAFE’s ease of deployment. Carvana’s team sought a solution that could be implemented and maintained with minimal effort. The implementation of SAFE was quick, seamless, and did not introduce operational overhead in managing the product.

Second, SAFE offered comprehensive visibility into all of Carvana’s assets, applications, vulnerabilities, controls, and threats, providing insights beyond endpoints and servers, ensuring a holistic understanding of the organization’s cybersecurity posture. With AI, SAFE enabled Carvana to consolidate, normalize, and deduplicate data gathered from multiple data sources to produce a dashboard that provided visibility into current cyber risk.

Lastly, by quantifying risk in monetary terms across Carvana’s IT environment, SAFE provided actionable recommendations to burn down cyber risk to acceptable levels, enabling them to lower their risk rapidly.  This included prioritizing patching for critical vulnerabilities. This aligned perfectly with Carvana’s proactive approach to risk management, enabling swift and effective responses to emerging threats.

Overall, Carvana found SAFE the ideal cybersecurity partner, offering unparalleled visibility, deployment ease, and actionable insights to safeguard its operations and customers.

Results

The deployment of SAFE yielded significant results for Carvana. The company experienced a 40% reduction in breach likelihood within 9 months, primarily driven by targeted initiatives guided by SAFE’s insights. Additionally, better prioritization and faster remediation of critical risks helped Carvana reduce its cyber insurance premium by 25% and improve coverage by 2x within one year.