When a customer first reported a phishing site impersonating their brand, the threat intelligence team at a major U.S. financial institution thought they could handle it internally. Thirty-two days later, they had their answer.
That month-long window gave threat actors everything they needed: time to harvest credentials, erode customer trust, and establish persistence. Today, that same institution takes down phishing threats in 36 hours. The repeat offenders who once exploited their brand? They’ve moved on to easier targets.
In a recent webinar, Bolster CEO Rod Schultz and VP of Marketing Lauren Barraco walked through this transformation story, revealing hard lessons about organizational silos, the hidden costs of manual processes, and why speed has become the only metric that truly matters.
The 32-Day Problem
The customer at the center of this story manages $70 billion in assets under management with over 5,000 employees across the United States. As a digital-first financial institution, their rapid growth brought brand visibility and with it, sophisticated attacks.
“The more popular you are, the more people want to become like you,” Schultz explained during the webinar. When phishing reports first arrived, the response process looked straightforward: identify the threat, contact the hosting provider, confirm removal. The reality proved far more complex.
Coordinating across legal teams, navigating hosting provider bureaucracies, and managing stakeholders with different priorities turned each takedown into a multi-week ordeal. “There’s a skill set mismatch and an inability to understand how to functionally do what you need to do in order to take this fraudulent thing off the network,” Schultz noted. The result: 32 days per takedown.
From Brand Protection to Security Operations
A decade ago, brand monitoring lived in legal or marketing departments. The financial institution recognized early that this world had fundamentally changed. Their threat intelligence function, which started as a team of one in 2019, now operates with three professionals reporting directly to the Chief Information Security Officer.
“Anybody who reports to the CISO means that they are a top-of-mind problem or a security concern for that CISO,” Barraco noted during the webinar.
The team built a comprehensive framework connecting domain monitoring, app store surveillance, social media scanning, dark web analysis, and threat actor tracking into a single operational view. “We are absolutely seeing a need to link the two worlds of cyber and fraud,” Schultz explained. “What we’re starting to work on at Bolster is a single pane of glass in order to do that.”
As the team put it: “Threat intelligence isn’t just what’s happening inside your walls. It’s what’s happening outside them. You can’t defend against what you don’t see.”
The Path to Transformation
The institution’s journey started with CheckPhish, Bolster’s free scanning tool. “This customer started with our free tool,” Schultz shared. “We created CheckPhish for the open source community. It allows people to upload URLs and phishing emails, and we will scan them with our sophisticated backend.”
Five free scans per day quickly proved insufficient. Barraco noted this as “fraud-led growth into Bolster, “the free tool gave the team confidence before committing to a full platform.
The institution added domain protection and app protection in 2022, then expanded in 2025. “This is a very common process that we see with our customers, where they start to add more and more modules as they start to see the synergy,” Schultz explained. Social media scanning caught fake support accounts, dark web monitoring identified stolen data, and email analysis revealed phishing campaigns early.
32 Days to 36 Hours: The Results
“Before Bolster, it took them 32 days. With Bolster, 36 hours,” Schultz explained. “You’re seeing a rapid turnaround time here that immediately reduces the attack surface.”
The speed broke the attacker’s business model. A persistent threat actor attempted multiple phishing campaigns. Each time, automated takedown eliminated the threat within 36 hours. “Effectively, what that threat actor did was they walked away and moved on to a weaker target,” Schultz recounted. “People who commit fraud are not just going to stop, they’re just going to move on to a better target.”
When Barraco framed the 99% improvement, Schultz connected it to a tangible comparison: “If you think about what people pay for at the airport to go through the Clear process, Clear probably saves you all of 10 minutes. We saved this financial institution over a month [of phishing lead time per attack].”
The team also discovered an unexpected benefit: catching unauthorized brand usage. As the institution grew, third-party vendors began placing the company’s logo on their websites to suggest false affiliation. “It’s not direct phishing impersonation,” Schultz explained. “It’s more like, hey, this is a really strong brand and logo. They’re affiliated with us, therefore you should be affiliated with us as well.”
Bolster’s AI flagged these instances automatically. Barraco highlighted this as crucial for stakeholder buy-in: “If you want to get your marketing team on board with the purchase, you need a little extra backup. These are the things that I worry about as well on the marketing side.”
Practical Advice from the Webinar
During the Q&A, Schultz and Barraco offered concrete guidance for building phishing defense programs:
Start with visibility. Schultz recommended beginning with open-source tools: “That freemium tool can be thought of as a very inexpensive flashlight for you to start shining around and understanding what your perimeter looks like and who’s trying to attack it.”
Get alignment across teams. When asked how to align leadership on brand protection, Schultz emphasized moving from abstract to concrete: “Start having very honest conversations and move from very soft, abstract language into very concrete. This is the attack chain, and this is where we’re going to create strengths to prevent those attacks from happening.”
Break down silos. “By using the Bolster platform, they were able to remove the silos,” Schultz noted. “You started to get cross-communication and visualization into these attack surfaces, and people started to collaborate.”
For marketers entering security conversations, Barraco offered reassurance: “You don’t have to be an expert on cybersecurity. Your role there is to be the expert of your domain, which is marketing. Get really clear on the use cases.”
Why This Matters Now
Throughout the webinar, both speakers emphasized that the lines between cybersecurity and fraud have blurred completely. “Ten years ago, brand monitoring and security was really owned by legal or marketing,” Schultz explained. “We are seeing it shift into threat intel, into security operations, up into the Chief Information Security Officer, because these attacks are so sophisticated that they’re no longer siloed.”
His advice for organizations still treating these as separate domains: “Get ahead of it. Start planning for that migration into a team that knows how to take those signals and turn them into actualized security changes.”
The financial institution’s journey illustrates this evolution perfectly. What began as brand protection quickly revealed itself as a full-spectrum security challenge requiring the speed and rigor of traditional cybersecurity operations.
The Bottom Line
The transformation from 32 days to 36 hours wasn’t about revolutionary technology or unlimited budgets. It was about organizational clarity, automated detection, and recognizing that external threats demand the same urgency as internal vulnerabilities.
“The accelerated time to value, if you say value is how fast that website was taken down, that is insane,” Schultz noted.
The results speak clearly: faster takedowns, deterred attackers, protected customers, and unexpected benefits like catching brand misuse. The threat landscape won’t slow down. The only question is whether your organization’s defenses can match the pace.
Webinar Highlights
This article is based on a webinar featuring Rod Schultz, CEO at Bolster, and Lauren Barraco, VP of Marketing at Bolster. Watch the full session to see the detailed customer case study and Q&A discussion.
