SOAR’ing to Success: How a Leading Software Vendor Monitors FTP Traffic

Software vendors have loads of high-value data they need to protect — from customers’ personally identifiable information to the company’s intellectual property — so a data breach can be catastrophic. There’s a lot on the line if these types of organizations fall victim to a cyberattack, including fines from regulators or damage to their brand and reputation.

In these types of companies, engineers and developers often work with and share highly sensitive information, so it’s critical they adhere to the most stringent cybersecurity protocols and procedures when handling data. You might read that and say, “duh!” But negligence accounts for two out of three insider threat incidents, and 55% of organizations identify privileged users as their biggest insider threat risk.

So, how can security analysts not only spot attacks coming from external sources but internal sources, too? That’s what one leading Silicon Valley software vendor set out to do, and by using Devo SOAR, the team was able to better manage their company’s security risk – inside and out.

The Problem: Determining a Baseline for “Normal” Behavior 

The software vendor had identified unmanaged file transfer protocol (FTP) traffic as a potential risk. Their hundreds of developers needed to use FTP frequently, but given the volume of usage, the security team was concerned about spotting anomalies that could indicate nefarious activity.

However, it was incredibly challenging to determine what constituted “normal” behavior because each developer had different needs and usage patterns. Some developers would infrequently access a couple of directories, while others accessed dozens of directories daily. Building static rules to distinguish legitimate behavior from potentially dangerous activity was impossible — the team needed a more intelligent and adaptable solution.

The Solution: Using AI and Machine Learning to Identify Patterns 

To solve this challenge, the software vendor turned to Devo SOAR. Devo SOAR is an AI-driven platform that improves SOC efficiency by augmenting existing security systems and enabling security teams to better address the growing barrage of cyberattacks. Its patented decision automation capability is proven to exceed human accuracy, instilling confidence in analysts.

Devo SOAR’s AI and machine learning capabilities are ideally suited for establishing accurate behavior baselines for individual users. Once the software vendor’s security team had done so, they continuously monitored usage patterns and cross-checked this data with information about login failures and unusual access to other applications. 

With this granular and dynamic knowledge, it became easy to spot anomalies. The software vendor’s security team uncovered abnormal user behavior and correlated the anomalies with multiple other attack indicators, sparing the company from a potentially devastating incident while saving the SOC team a considerable amount of time.

Is your security team facing a similar challenge? Contact us to discuss how Devo can help.

Not ready for a trial? Read our Buyer’s Guide on Intelligent Security Automation.