Driving Cyber Resilience Up, Insurance Down

Balbix’s innovative platform drove tangible improvements in Carvana’s security risk posture. With Balbix’s assistance, Carvana is able to prioritize risks more effectively, streamline incident response, and demonstrate the business value of its cybersecurity initiatives.

Carvana’s Security Challenges

Carvana operates a diverse infrastructure to support its cybersecurity program, employing various security tools. Before Balbix, Carvana utilized multiple agents and scanners deployed across workstations to collect data on assets, software, and vulnerabilities that required intricate processes to consolidate information and identify blind spots in security coverage. Carvana did not have a singular, authoritative source of truth in place.

Carvana used traditional vulnerability scanners to detect vulnerabilities, which presented complexities in identifying and remediating security vulnerabilities due to administrative overhead and delays. Carvana needed a system to determine which vulnerabilities should be prioritized for remediation with appropriate business context, and its technical teams were in search of a more effective way to communicate cybersecurity risks to non-technical teams.

Today, Carvana continues to maintain a cloud-first approach with a significant portion of its infrastructure hosted in the cloud. Leveraging native cloud technologies, Carvana aims to optimize operations and enhance security in alignment with its innovative business model.

How Balbix Solved Carvana’s Security Challenges with AI

With Balbix, Carvana was able to gain visibility into vulnerabilities and misconfiguration, and assess the impact of emerging threats in real-time more reliably, resulting in more rapid response to zero-day vulnerabilities. Moreover, with Balbix’s cyber risk quantification (CRQ), they could prioritize risks for remediation effectively based on business impact.

By converting cybersecurity risk data into easily understandable metrics, Balbix enabled stakeholders, even those with non-technical backgrounds, to engage more effectively in Carvana’s cybersecurity discussions.

Balbix helped to bridge communication between technical and non-technical teams by quantifying cybersecurity risks in Carvana’s environment, offering clear and understandable metrics suitable for all stakeholders, including those with non-technical backgrounds. This effectiveness is demonstrated through Balbix’s capability to provide comprehensive risk quantification and easily interpretable metrics for the entire organization. Balbix’s breach likelihood and breach risk metrics, expressed in dollars, enabled effective prioritization of risks for remediation based on business impact. Additionally, Balbix’s native connection between vulnerabilities and patching, including metrics such as Mean Time to Patch (MTTP), enhanced Carvana’s overall cybersecurity management capabilities and key performance indicators.

“Balbix’s use of AI isn’t just a gimmick like many security vendors. Their use of generative AI, deep learning, and classic machine learning techniques is a core part of the platform, enabling us to deeply understand, quantify, and rapidly reduce our cyber risk across our environment.”

Dina Mathers

Why Carvana Chose Balbix

Carvana meticulously evaluated various cyber risk management solutions, considering critical criteria to address the organization’s needs, and selected Balbix as its preferred cybersecurity solution for three reasons.

First, Balbix’s ease of deployment. Carvana’s team sought a solution that could be implemented and maintained with minimal effort. The implementation of Balbix was quick,seamless and does not introduce operational overhead in managing the product.

Second, Balbix offered comprehensive visibility into all of Carvana’s assets, applications, vulnerabilities, controls, and threats, providing insights beyond endpoints and servers, ensuring a holistic understanding of the organization’s cybersecurity posture. With AI, Balbix enabled Carvana to consolidate, normalize, and deduplicate data gathered from multiple data sources to produce a dashboard that provided visibility into current cyber risk.

Lastly, by quantifying risk in monetary terms across Carvana’s IT environment, Balbix provided actionable recommendations to burn down cyber risk to acceptable levels, enabling them to lower their risk rapidly.  This included prioritizing patching for critical vulnerabilities. This aligned perfectly with Carvana’s proactive approach to risk management, enabling swift and effective responses to emerging threats.

Overall, Carvana found Balbix the ideal cybersecurity partner, offering unparalleled visibility, deployment ease, and actionable insights to safeguard its operations and customers.


The deployment of Balbix yielded significant results for Carvana. The company experienced a 40% reduction in breach likelihood within 9 months, primarily driven by targeted initiatives guided by Balbix’s insights. Additionally, better prioritization and faster remediation of critical risks helped Carvana reduce its cyber insurance premium by 25% and improved coverage by 2x within one year.

“By significantly improving our security posture with Balbix and quantifying our risks, we were able to secure a 25% reduction in our cyber insurance premium, double our coverage, and unlock more options to increase coverage––options that weren’t available to us before.”

Dina Mathers