TierPoint is a leading provider of secure, connected data center and cloud solutions at the edge of the Internet with thousands of customers.
At TierPoint, I’m responsible for maintenance and development of the information security program, which includes threat analytics, incident response, and digital forensics. We’re constantly looking for new and even more effective ways to aggregate, process, and make decisions from massive amounts of data streaming in from diverse sources. Nowhere are such efforts more important than in the realm of IT security.
We wanted a strong analytics platform effective at helping us further enhance our robust IT security protocols. Among other requirements, the platform we sought needed to easily ingest, analyze, and enrich threat data from disparate inputs, like log events and emerging-threat feeds from various sources. This would allow us to make better-informed decisions even faster at a time when attacks are becoming more complex, more frequent, and sponsored by nation states and criminal organizations.
That’s why we chose the Elastic Stack, which has helped us reduce investigation times in some cases by as much as 400%. From a forensics perspective, speed and accuracy make all the difference.
Hacking sophistication demands dynamic IT security systems
The constant evolution of hacker sophistication requires a better understanding of “normal activity” to enable organizations to improve their detection of anomalies, shifts in the cyber threat landscape, as well as emerging threats. In other words, robust data analysis that enables the improved definition of a current state — evaluated against yesterday, last week, last quarter, and last year — equates to the quicker identification of events not seen before.
We have embraced a tool that can analyze this disparate data and combine it with other sources. This platform centralizes information and better automates the process of updating key stakeholders on historical trends, shifting attack vectors, existing levels of protection, and real-time corrections required to enhance those levels of protection.
We moved away from limited, pre-defined rule sets and expanded our ability to more quickly understand and respond to new types of data. With Elastic, TierPoint is achieving more centralized data analysis, in addition to getting a “single pane of glass” view of our security data with Kibana, regardless of its source.
Leveraging Elastic beyond the security use case
During our time harnessing Logstash to ingest security data into Elasticsearch, we realized the ease with which the Elastic Stack could provide additional analytics on data sources that extend beyond the capabilities of a traditional SIEM platform. Elastic is currently helping us gain augmented insights into overall DNS traffic and flows across our internal networks, which is enabling us to identify ways in which those networks might be further optimized.
This was a big lesson learned, and underscores that Elastic can be leveraged beyond information security to add more value to your business.
Mark Sellers has more than 20 years of experience in the service provider space. He is a standing member of ISACA and ISSA International. As a vice president, Sellers manages the team of professionals responsible for maintenance and development of TierPoint’s information security program, including threat analytics, incident response, and digital forensics.