At a Glance
- Enable greater visibility into the firm’s on-premises and cloud data
- Make the firm’s SOC analysts more productive and efficient
- Ability to scale with the company’s future data volume projections
About The National Financial Services Firm
Seeking to make its SOC more effective, a top national financial services organization identified increased visibility into all of its environments as an urgent need. The firm is in the midst of a digital transformation and currently has a mix of on-premises and cloud computing data feeds.
The incumbent, LogRhythm, was failing to ingest cloud data from AWS CloudTrail and other services. This, combined with prior product issues, compelled the financial services firm to seek a replacement.
Wanted: A Solution To Handle Cloud And On-premises Data, Including AS/400
A large national financial services firm with branches in most U.S. states is well into a digital transformation. Prior to this project, the security team was aware their ineffective SOC required modernization.
The company had been a longtime LogRhythm customer, but during its transition to the cloud the firm discovered that LogRhythm could not ingest cloud data from services such as AWS CloudTrail, Office 365, and Azure.
This major shortcoming, compounded by other historic LogRhythm product issues including the inability to deliver desired functionality—data field limitations, difficulty creating custom rules and alerts, challenges integrating custom threat intelligence, and complex threat-hunting workflows—all served to highlight the firm’s past issues with LogRhythm.
The firm also had ongoing and future on-premises data needs, such as firewalls, proxy logs, Windows servers, applications, and even AS/400 data. All of these issues compromised SOC performance, making the decision to shed LogRhythm easy.
Several critical capabilities made Devo attractive to the customer, including:
- The ability to ingest machine data in raw format—especially unstructured data—from on-premises and cloud sources such as cloud provider log files, firewalls, and security, as well as older legacy systems
- The ability to smoothly ingest multiple terabytes of data and query as needed
- The ability to easily analyze data using Devo Activeboards, which bring machine data to life with rich visuals, intuitive dashboards, and interactive capabilities
- Many large enterprises successfully use Devo, demonstrating a proven track record that exceeds this company’s requirements
The firm expects to be up and running quickly and plans to evaluate Devo Security Operations.