About The Global Survey Company
A global leader in online employee and consumer surveys decided to replace Rapid7 as its SIEM provider, due primarily to a lack of visibility into a wide range of cloud and on-premises data sources.
SaaS scalability was another major issue the company was having with Rapid7. The survey provider was growing quickly outside of the U.S., and its SOC performance was unacceptably low as its data volume grew.
Wanted: A Solution To Handle Diverse Data Types And Scale To Accommodate Increasing Volume
One of the largest providers of online employee and consumer feedback solutions found its growth hampered by the lack of visibility into its infrastructure. Despite offering cloud services, the company still ran key applications on-premises, and Rapid7 was unable to ingest cloud data, such as AWS logs, and combine it with on-premises data for analysis.
As it grew globally, the company also found that Rapid7 was having difficulty scaling to accommodate the company’s substantial data volume growth. These challenges led to a decision to move on from Rapid7. SOC performance was also suffering, as analysts’ threat-hunting and investigation work required too much manual effort.
This led to unacceptably high MTTR metrics because analysts were unable to quickly hunt, investigate, and remediate cybersecurity incidents.
The survey company wanted UEBA capabilities included in its new SOC solution, so it also evaluated Exabeam. Ultimately, the survey leader chose Devo for its superior built-in entity modeling, as well as its ability to deliver on the other requirements.
Why Devo
Several critical capabilities made Devo attractive to the customer, including:
- The ability to ingest machine data in raw format from any source, including AWS log files, Palo Alto Networks firewalls, CrowdStrike, and Okta, and combine it with on-premises sources into a single data view
- The ability to easily scale and smoothly ingest large volumes of data (e.g., multiple terabytes) and query as needed
- An interface with easy-to-use Activeboards enabling both advanced and novice security professionals to hunt and investigate threats faster
- The ability to find hidden signals and understand behavioral change using machine-learning models to classify entity behavior changes over time—similar to the way a social network behaves conceptually—while also classifying, predicting, and characterizing hard-to-detect malicious domains
Next Steps
Once this survey leader is up and running on the Devo Platform, the company plans to start using Devo Security Operations as the next-gen SIEM in its SOC.