When it comes to cybersecurity, a global investment firm with five offices worldwide is up against many of the same issues as other organizations in the financial industry. The firm’s five-person security team, led by a chief information security officer (CISO), is focused on protecting financial data. Recently, the company was searching for a solution that would offer more visibility into its network to further ensure data was protected while helping the team improve efficiency.
The team’s senior security engineer is responsible for security operations, investigations, and threat hunting. With such a breadth of duties, the firm needed an automated tool to help prioritize alerts and provide end-to-end network visibility while offering the context needed to make decisions with confidence and speed to stay ahead of attackers.
Improving Visibility: the search to upgrade from a homegrown solution
A large part of the senior security engineer’s job is to monitor malicious attempts to infiltrate the network. The security team had been relying on a homegrown solution to gain this visibility, but it proved time-consuming, inefficient, and unable to get the job done. Just keeping the solution updated and running correctly consumed valuable security analyst time. Additionally, correlating events was complex and tedious, and the overall lack of information it provided sent the team in search of a better solution.
Sumo Logic: automation that empowers analysts
After struggling to find a platform to meet all their specific needs, the firm’s security team engaged with Sumo Logic to determine if its security operations center (SOC) platform could offer the visibility they were seeking. After deciding Sumo Logic was the right solution for their needs, it was deployed easily within the firm’s environment, adding value within a week.
Almost immediately, Sumo Logic allowed the team’s senior security engineer to tap into the network data that other solutions were missing, in real time.
Additionally, since Sumo Logic easily integrates with their existing security stack, the company’s senior security engineer now receives improved insights that offer more context around threat alerts.
Built for speed: the knowledge to make faster, more precise decisions
Sumo Logic offers the firm’s security team complete network visibility and collects data on all traffic going in and out of the network. The platform distills the previously unmanageable volume of alerts into a prioritized list of Insights that notify the team of activities requiring analyst attention. Insights also add context, giving the team a more complete picture of each threat’s business impact and speeding up response times. Finally, the dashboard shows visual representations of patterns and timelines so the team can quickly analyze trends for improved decision-making.