This global financial services client is under the heavy burden of ever-changing industry regulation. Offering credit cards and both consumer and commercial banking, the organization is constantly adjusting and improving its security profile to stay in compliance with national and global privacy laws. The client was constantly hit by targeted attack campaigns intended to penetrate the network and steal customer data. Stopping these attacks was challenging, and sometimes their protection efforts were too late due to niche technology and manual processes. A large part of the problem was the client's bloated endpoint security stack: with 7+ endpoint tools running simultaneously, it caused constant alerts and false negatives.
The SOC and IR teams were tasked with monitoring for suspicious activity, identifying threats, determining legitimacy, and projecting potential impact. These decisions were often based on incomplete data and manual collection of Sysmon data, which was too slow and resulted in attacks that were identified too late or missed altogether. The security team was looking for an endpoint tool that could address their existing problems of:
- Manual and slow methods in identifying and resolving targeted attacks
- Lack of visibility to provide management with a health check of the enterprise
- Reduction of the large footprint of 7+ agents in their endpoint security stack