Implementing an Automated Phishing Response with Thirdera and ServiceNow

This large insurance and wealth management company employs over 10,000 employees to serve the needs of millions of customers across Europe and North America. Because the company is one of the industry’s leading service providers, its employees receive a large volume of suspicious and malicious emails, all with the potential to compromise the company’s cybersecurity or computer systems.



Before leveraging Thirdera and ServiceNow, the response strategy for handling these potential threats relied on multiple tools and time-consuming processes that didn’t allow for a consolidated overview of all security incidents. Since grouping multiple similar emails into one actionable case was impossible, the company experienced lengthy resolution times and a lack of visibility into how long each incident took to resolve. 

To develop a more effective cybersecurity strategy, the company looked to Thirdera for guidance. Under tight time constraints, we implemented a blend of ServiceNow solutions to create a robust, coordinated response for dealing with cyber incidents and vulnerabilities. 


Company Profile

Size: 10,000+ employees | Industry: Insurance Services & Wealth Management | Location: Canada


Key Challenges

The current process gave no visibility into the mean time taken to respond to incidents or the time taken to remediate each individual phishing incident.

Employees spread across multiple countries were receiving suspicious phishing emails from a wide range of scam organizations.

Reporting and analyzing suspicious emails was completed within Microsoft Outlook, with time-consuming manual analysis required to identify threats.

There was no way to accurately record phishing emails or the time taken to respond to each of them.

The insurance company’s employees—spanning multiple countries across two continents—were the target of many suspicious emails from various scam organizations. The company’s processes for analyzing, parsing, and enriching these phishing emails used a range of siloed, manual tools. This was not only clunky and time-consuming—it was also a potential security risk for internal and client data.  

While the company had previously engaged two other firms to solve the issue, neither could achieve a successful outcome.


Our Solution

Thirdera was recommended as a potential vendor by ServiceNow after members of the insurance company’s digital team attended our presentation on Security Operations (SecOps) projects. Thirdera’s expertise in helping clients develop robust security response strategies and our ability to deliver within a very tight deadline made us an obvious partner for this project.

Added the company’s Director of Information Security, “We appreciated how Thirdera was able to adapt to and be professional about our unique time constraints.”  

Under Thirdera’s technical and consultative guidance, the company successfully implemented several of ServiceNow’s Security Operations solutions. As a result, the company was able to deploy a strong cybersecurity strategy to effectively manage new levels of cyber risk using a blend of discovery, identification, and remediation.

The Result

Rapid Response
By aggregating and prioritizing multiple security incidents into one actionable case, vulnerabilities can be effectively addressed while also decreasing the mean-time-to-resolve (MTTR).


Workflows for remediation allow for standard resolution practices and a comprehensive overview of all cyber risks affecting the company.

Repeatable processes and faster resolution times ensure cyber resiliency against a wide range of security incidents.

By removing the need for manual analysis, ServiceNow's SecOps solutions allow the company to manage emerging cyber risks efficiently. 

The company can securely store internal and client data by centralizing the reporting and analysis of threats.

Thirdera leveraged ServiceNow’s Security Incident Response (SIR) User Reported Phishing application to consolidate phishing incidents from actual attackers and simulated phishing exercises.  

With Thirdera's help, the company also developed customized email aggregation rules to accelerate incident resolution times. These rules group emails based on:

  • Message ID
  • Subject
  • Sender email address
  • Sorted set of URL domains 
  • Sorted set of attachment hashes 
  • Percentage of email body matched 
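
A minimal sketch of aggregation on the six fields listed above, added here as an illustration; it is not Thirdera's or ServiceNow's code. The rule names, the 90% body threshold, the "any one rule matches" policy and the sample reports are all assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

BODY_MATCH_THRESHOLD = 0.90  # assumed value; the page gives no percentage
RULES = ["message_id", "subject", "sender", "url_domains", "attachment_hashes", "body"]

def fingerprint(email):
    """Reduce a reported email to the aggregation fields from the list above."""
    domains = {urlsplit(u).hostname or "" for u in email.get("urls", [])}
    return {
        "message_id": email.get("message_id", "").strip().lower(),
        "subject": " ".join(email.get("subject", "").lower().split()),
        "sender": email.get("sender", "").strip().lower(),
        "url_domains": tuple(sorted(d for d in domains if d)),
        "attachment_hashes": tuple(sorted(h.lower() for h in email.get("attachment_hashes", []))),
        "body": email.get("body", ""),
    }

def same_case(a, b, rules):
    """True if any enabled rule matches. Empty values never match, so two
    emails with no URLs or no attachments are not grouped on that basis."""
    for rule in rules:
        if rule == "body":
            if a["body"] and b["body"] and SequenceMatcher(None, a["body"], b["body"]).ratio() >= BODY_MATCH_THRESHOLD:
                return True
        elif a[rule] and a[rule] == b[rule]:
            return True
    return False

def aggregate(emails, rules=RULES):
    """Assign each report to the first case whose seed email it matches."""
    cases = []  # each case is a list of fingerprints, seed first
    for email in emails:
        fp = fingerprint(email)
        for case in cases:
            if same_case(case[0], fp, rules):
                case.append(fp)
                break
        else:
            cases.append([fp])
    return cases

# Constructed sample reports (not real data)
SAMPLE = [
    {"message_id": "<a1@mail.example>", "subject": "Invoice overdue", "sender": "billing@pay-example.test", "urls": ["https://login.pay-example.test/a?id=1"], "body": "Your invoice is overdue. Sign in to settle the balance today."},
    {"message_id": "<b2@mail.example>", "subject": "Invoice  OVERDUE", "sender": "accounts@other-example.test", "urls": ["https://LOGIN.pay-example.test/b?id=2"], "body": "Payment reminder: please log in and pay the outstanding amount."},
    {"message_id": "<c3@mail.example>", "subject": "Team lunch", "sender": "alice@corp.example", "body": "Lunch is at noon on Friday in the third floor kitchen."},
    {"message_id": "<d4@mail.example>", "subject": "Timesheets", "sender": "bob@corp.example", "body": "Reminder: submit your timesheet before the end of the month."},
]
```

Calling `aggregate(SAMPLE)` puts the two invoice lures in one case and leaves the two benign reports as separate cases, even though both have empty URL and attachment sets.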

Instead of completing email parsing and enrichment within separate tools, this is now achieved using ServiceNow’s Threat Intelligence application and integrations with observable enrichment tools. The observables gathered from this parsing are then sent to external tools for further analysis. Automatic email extraction also allows confirmed phishing incidents to be searched and deleted without requiring manual coordination.  

ServiceNow’s Integration Hub is also used to accelerate connectivity and simplify process automation. It allows the insurance company to create an intuitive and enriched workflow that can be employed across user-reported phishing incidents—including spear phishing and malware remediation. Threat Intelligence is performed using an integration with Anomali and Cisco Secure Malware Analytics, allowing for informed decision-making. Lastly, the end-to-end workflow of each security task is managed using Flow Designer.   

“Thirdera’s input, expertise, and perspectives—combined with their push to provide thought leadership to our team—has given us much more insight into the amount of spam email we are seeing,” said the company’s Director of Information Security. “We are very happy with the end result of this project and we've found the ServiceNow partner that we want to work with in the future.”

About Thirdera

The largest pure-play ServiceNow partner in North America, Thirdera is a trusted Elite ServiceNow partner focused solely on improving and innovating the way our customers leverage the ServiceNow platform. Our experts possess authoritative capabilities and skillsets spanning the entire Now Platform. This extensive platform expertise allows us to understand our customers’ needs and deliver tailored solutions that solve business challenges.

Contact us today to discuss your next project, and enter a new era of ServiceNow partner experience.


Josh Tessaro

Josh is a Director of Security & Risk at Thirdera. He is a creative, customer-focused, technology leader experienced in consulting large business technology organizations in the development and implementation of business solutions. Currently focused on ServiceNow as a platform to enable and transform business processes.