Customer Story

Internet Media Brand Replaces Home-Grown SIEM with Devo Security Operations

At a Glance
  • The ability to handle performance spikes on cloud platforms during peak traffic events
  • Multitenant capability that enables the corporation’s nearly 200 business units to maintain their own separate data while also being part of a common SOC
  • The ability to easily scale and manage nearly 10TB of data ingest

Industry: Internet

Location: North America

About The Internet Brand Company

Building an in-house SIEM was going to cost a global internet brand company more than US$700,000 each year to operate and maintain. That price tag prompted the organization’s security leaders to realize the initiative was simply not practical.

The company attempted the homegrown SIEM project for two reasons: to consolidate the wide variety of tools it was already using and to create a shared SOC that its nearly 200 business units could leverage for their own security efforts.

Customer Quick Facts

Challenge

A global internet brand company’s homegrown SIEM project was failing; it was slow, unable to handle the data volume, and unreliable. It also carried an estimated annual cost of more than US$700K to maintain and operate.

Solution

After evaluating several vendors, the company selected Devo Security Operations for its high-performance investigative workflow, which enables fast, accurate, and cost-effective threat hunting and remediation.

Requirements

  • Powerful investigative workflow to reduce MTTR
  • Smoothly handle performance spikes during peak traffic events
  • Multitenant capability to support nearly 200 separate business units
  • Ingest machine data in raw format from any source at a high volume

Wanted: A Security Operations Platform Capable Of Supporting Numerous Companies And The Cloud

The worldwide internet organization had a huge problem trying to perform security monitoring on its cloud applications and systems; the workloads and data volume were simply too high for fast and accurate threat hunting and remediation.

This company, like many large organizations composed of individual companies, urgently wanted to establish a single SOC with standardized security tools that the corporation and all of its business units could use.

The company began an ambitious project to build an in-house SIEM to serve the corporation and its business units. But after more than a year of development, the company’s security leaders were frustrated because the SIEM was unreliable, slow, and expensive. This caused the company to seek a commercial solution, with Devo among several providers evaluated.

Why Devo

Several critical capabilities made Devo the right choice for the organization, including:

  • Being the first security operations solution to combine critical security capabilities with auto enrichment, threat intelligence, community collaboration, a central evidence locker, and a streamlined analyst workflow, making security analysts more effective
  • The ability to smoothly handle performance spikes on cloud platforms during peak traffic events
  • Multitenant capability that enables the corporation’s nearly 200 business units to maintain their own separate data while also being part of a common SOC
  • The ability to easily scale and manage nearly 10TB of data ingest

Next Steps

The parent company has chosen one business unit to initially implement the Devo solution and will then quickly roll it out to the other businesses. Once this occurs, all of the nearly 200 companies will benefit from the shared SOC resources, data, and insight to help them address cyberthreats and protect their businesses as well as the private data of millions of customers.