Healthcare Insurance Provider Client Gains Tool Visibility by Mapping to MITRE ATT&CK® and Optiv’s Security Controls



The Situation – complex technology landscape hindering gap visibility


The InfoSec manager at a healthcare insurance company was putting together the next year’s budget and plans, and needed to determine whether the money was being allocated correctly to meet the business needs. To accomplish this, the InfoSec manager needed to understand all the tools used across their security program. 


However, over the years, the security technology used by the organization had increased as each department deployed its own products, resulting in a complex technology landscape. Even worse, the complexity created a layer of uncertainty around the presence of any gaps and tool redundancies against security controls, specifically about the ability to address the recently adopted MITRE ATT&CK® framework. The InfoSec manager needed help mapping the security tools to the security controls and the MITRE ATT&CK® framework and understanding how to allocate their budget moving forward.


The Solution – build an effective technology stack that fits the long-term plan and budget


The Optiv experts and the InfoSec manager came together and devised a plan: figure out the appropriate security controls that need to be in place, work across different business leaders and client subject matter experts (SMEs) to uncover all security tools, map these tools to both Optiv security controls and MITRE ATT&CK® and provide a plan and budget for functional and technical improvements.


What once was a complex mess of security tools was now a plan of action for the InfoSec manager. The manager gained visibility to gaps in security controls and the MITRE ATT&CK® framework, identified areas of inefficiency and had the confidence and data to justify budget allocation.

Industry Served: Healthcare Insurance

What Client Purchased

  • Technology Consolidation and Rationalization with Subject Matter Expert Evaluation (Level 2)
  • Industry Framework Mapping (MITRE ATT&CK®)

Optiv's Actions

  • Performed discovery workshops with a focus on each control area with Optiv and client SMEs
  • Mapped the organizations security tools to Optiv’s controls map and the MITRE ATT&CK® framework, highlighting if the attack vectors were addressed and closed
  • Analyzed the clients unique set of tools and capabilities, built out potential integrations between tools and found functional and technical opportunities

Client Outcomes

  • 8 technical needs where additional tools were needed
  • 17 functional improvements that could be addressed with existing tools
  • 2 areas of redundancy that could simplify the efforts in maintaining and managing
  • 8 potential integrations between existing tools that once completed would add new functionality, improve threat intelligence and maximize the value of the tools for the security teams
Thumbnail Image 600x776

Download a printable version of this case study for more details


How can we help you secure greatness?


Optiv can advise on, deploy and operate end-to-end cybersecurity programs aligned to your business goals. As the cyber advisory and solutions leader, we serve nearly 6,000 companies across every major industry. Our certified experts can help you gain the agility, security, scale and control you need to stay ahead of the competition.