Case Studies

Case Study: Plymouth Rock

Plymouthrock + XM Cyber

When a leading US insurance firm needed help managing cybersecurity risk, XM Cyber had them covered

“Understanding different attack types and how they move around in an environment, that’s really where XM Cyber plays a big part for us.”
Harold Moore, CISSP, Director of IT Security at Plymouth Rock
Business Situation                 

Plymouth Rock Assurance has served the insurance needs of its American clients for nearly 40 years. Specializing in auto and homeowner’s insurance, the Plymouth Rock group of companies has sustained steady growth and now write and manage more than $1.5 billion in premiums across the Northeast.

As a fast-growing company in a tightly regulated industry tasked with managing large troves of customer data, Plymouth Rock places a special emphasis on strong cybersecurity.

The Challenge

Plymouth Rock has a committed team working hard to ensure the company’s critical assets remain secure. To accomplish this, the team utilizes tools from vendors to identify and mitigate threats. XM Cyber has played a significant role as Plymouth Rock enhances and continually invests in security protection.

Before deploying XM Cyber, Plymouth Rock used vulnerability scanners, antivirus software and other tools to safeguard key assets. However, as the company grew it faced increasing security threats and the company needed more sophistication and support with identifying threats and prioritizing risk. XM Cyber did not replace these standard tools but complemented the company’s existing resources to identify exposures from misconfigurations, vulnerabilities and human error. To address these challenges, the team at Plymouth Rock engaged with XM Cyber.

The Results

Plymouth Rock deployed XM Cyber’s Attack Path Management platform to strengthen its overall security posture. Company leaders say that XM Cyber technology plays a critical role in identifying critical assets and zones and showing precisely how many steps it would take an attacker to compromise those assets.

When XM Cyber’s Attack Path Management indicates an asset can be compromised in five steps or fewer, the Plymouth Rock security team jumps into action and begins working to close the vulnerability. Company executives credit XM Cyber with identifying the most urgent, high-risk exposures and providing actionable, prioritized remedial recommendations for security teams.

XM Cyber also drew high marks for its integration with the MITRE ATT&CK frame-work, which allows the XM Cyber Attack Path Management platform to closely mimic the tactics of Advanced Persistent Threats (APTs). These sophisticated adversaries can breach a network, move laterally and exfiltrate crown jewel assets
while escaping detection.

Plymouth Rock leaders credit XM Cyber with exposing the potential for APT and lateral movement risks and reducing the time that would
ordinarily be spent working to deter such threats. Company executives also recommend XM Cyber’s ability to show how attacks would unfold under real world conditions — something they say galvanizes defenders and gives their work added meaning.

Plymouth Rock At-A-Glance:

  • Leading insurer focused mainly on the Northeastern United States
  • Based in Boston, Massachusetts
  • The Plymouth Rock group of companies together write and manage more than $1.5 billion in personal and commercial auto, homeowners and umbrella insurance premiums in Connecticut, Massachusetts, New Hampshire, New Jersey, New York and Pennsylvania
  • Dedicated IT security team

Working Toward a More Secure Future with XM Cyber

An organization the size of Plymouth Rock generates a long list of tasks to assist in mitigating security risks. This means that smart, streamlined prioritization is a key objective. Plymouth Rock leaders say that the XM Cyber Attack Path Managemet platform makes this process much faster and easier. Instead of devoting significant work hours to scope these risks, the team relies on XM Cyber to help with prioritization based on risk analysis.

Plymouth Rock continues to incorporate XM Cyber into their overall security posture on both on-premise and cloud environments. Company executives say that XM Cyber’s ability to go much deeper into threat analysis is a key differentiator. Unlike other tools, XM Cyber can identify hidden vulnerabilities that can exploited by highly sophisticated attackers.

Plymouth Rock Assurance® and Plymouth Rock® are brand names and service marks used by separate underwriting, managed insurance, and management companies that offer property and casualty insurance in multiple states. Each underwriting and managed insurance company is a separate legal entity that is financially responsible only for its own insurance products.


Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.