With Elastic, Personal Capital can detect and respond to security issues much quicker than before.
The company gains a complete picture of its IT defenses so that no data is overlooked and all errors are addressed.
With more than 3.3 million users and $22.7 billion in assets under management in the United States, Personal Capital is one of the country’s leading wealth management and financial advice organizations. Founded in 2009, its mission is to transform the lives of customers with award-winning online planning tools supported by a team of financial advisors.
Related to this mission, the company and its customers use tools that need to be supported by innovative information systems. Personal Capital runs its business-critical systems in an infrastructure as a service (IaaS) cloud environment hosted on AWS.
The Personal Capital Security Team protects the company against cyberthreats while ensuring the availability of applications, data, and other technologies.
As a cloud-based business, availability and visibility of systems data is critical for rapid incident detection and resolution. Without data, the source of an anomaly can be lost before there is a chance to investigate it.
As financial services is a highly-regulated industry, Personal Capital must preserve historical data according to stringent industry rules. "We needed a technology that automated the ingestion and transformation of data from all sources to meet the needs of stakeholders, from internal teams to regulators," says Eric Sekercan, Security Team Lead, Personal Capital.
We were really struck by the comprehensive data collection and transformation features that Elastic Security offers. The API integrations were also a massive improvement from our previous solution and were a big factor in our decision to go with Elastic.
Personal Capital deployed the Elastic Security solution using Elastic Cloud on AWS for the data management and security analysis capabilities the solution offers, including endpoint and cloud security monitoring. Elastic is also used to facilitate the company’s internal vulnerability and patching management.
One of the greatest strengths of Elastic Security is its flexibility. It includes all the agents that we need to ingest data from a wide variety of cloud environments, applications, and databases. We now have a unified approach to our security data and can detect issues quickly as well as meet the data conservation requirements of financial regulators.
The deployment of Elastic Security has dramatically decreased the mean time to respond and gives Personal Capital more flexible control over the security data lifecycle. “We can configure Elastic Security to our exact needs, especially when it comes to data conservation. We use Elastic’s Frozen Tier and Searchable Snapshots for more cost-effective hot and cold data management,” says Sekercan.
Additionally, the Elastic pricing model is much more cost-efficient than before. Personal Capital now pays for how data is used, not the volume of data consumed. Instead of paying for features that aren’t needed, the security team can fine-tune Elastic Security for greater control and visibility over their annual spend.
Elastic Security delivers value including more freedom to do things such as automating processes, enriching data, and filtering false positives. The impact of that value can be multiplied across the organization.
Elastic enables us to identify cyberthreats that might be lurking on the network. We can track down malicious files and delete them or pull them into the Elastic dashboard for further analysis.
Personal Capital is also appreciative of the responsiveness of the Elastic support team.