Financial Services

Personal Capital protects its wealth management systems and customers from cyberattacks with Elastic Security

Faster threat detection and resolution

With Elastic, Personal Capital can detect and respond to security issues much quicker than before.

Comprehensive data gathering and error detection

The company gains a complete picture of its IT defenses so that no data is overlooked and all errors are addressed.

More flexible and cost-effective response to regulation

Data can be flexibly held in hot and cold storage to streamline and reduce the cost of compliance.

Personal Capital secures its IT systems using Elastic Security solution

With more than 3.3 million users and $22.7 billion in assets under management in the United States, Personal Capital is one of the country’s leading wealth management and financial advice organizations. Founded in 2009, its mission is to transform the lives of customers with award-winning online planning tools supported by a team of financial advisors.

Related to this mission, the company and its customers use tools that need to be supported by innovative information systems. Personal Capital runs its business-critical systems in an infrastructure as a service (IaaS) cloud environment hosted on AWS.

The Personal Capital Security Team protects the company against cyberthreats while ensuring the availability of applications, data, and other technologies.

Cybersecurity is a priority

As a cloud-based business, availability and visibility of systems data is critical for rapid incident detection and resolution. Without data, the source of an anomaly can be lost before there is a chance to investigate it.

– Maxime Rousseau, Chief Information Security Officer, Personal Capital

As financial services is a highly-regulated industry, Personal Capital must preserve historical data according to stringent industry rules. "We needed a technology that automated the ingestion and transformation of data from all sources to meet the needs of stakeholders, from internal teams to regulators," says Eric Sekercan, Security Team Lead, Personal Capital.

Discovering a comprehensive cloud security solution

We were really struck by the comprehensive data collection and transformation features that Elastic Security offers. The API integrations were also a massive improvement from our previous solution and were a big factor in our decision to go with Elastic.

– Eric Sekercan, Security Team Lead, Personal Capital

Personal Capital deployed the Elastic Security solution using Elastic Cloud on AWS for the data management and security analysis capabilities the solution offers, including endpoint and cloud security monitoring. Elastic is also used to facilitate the company’s internal vulnerability and patching management.

One of the greatest strengths of Elastic Security is its flexibility. It includes all the agents that we need to ingest data from a wide variety of cloud environments, applications, and databases. We now have a unified approach to our security data and can detect issues quickly as well as meet the data conservation requirements of financial regulators.

– Maxime Rousseau, Chief Information Security Officer, Personal Capital

Reducing MTTR, optimizing data storage

The deployment of Elastic Security has dramatically decreased the mean time to respond and gives Personal Capital more flexible control over the security data lifecycle. “We can configure Elastic Security to our exact needs, especially when it comes to data conservation. We use Elastic’s Frozen Tier and Searchable Snapshots for more cost-effective hot and cold data management,” says Sekercan.

Additionally, the Elastic pricing model is much more cost-efficient than before. Personal Capital now pays for how data is used, not the volume of data consumed. Instead of paying for features that aren’t needed, the security team can fine-tune Elastic Security for greater control and visibility over their annual spend.

Elastic Security delivers value including more freedom to do things such as automating processes, enriching data, and filtering false positives. The impact of that value can be multiplied across the organization.

– Maxime Rousseau, Chief Information Security Officer, Personal Capital

Elastic enables us to identify cyberthreats that might be lurking on the network. We can track down malicious files and delete them or pull them into the Elastic dashboard for further analysis.

– Eric Sekercan, Security Team Lead, Personal Capital

Fast support response for a secure future

Personal Capital is also appreciative of the responsiveness of the Elastic support team.

We view Elastic as a long-term partner that understands our security priorities and our broad business goals. We’re really impressed with the solution they’ve delivered and the capabilities that they are building into future releases.

– Eric Sekercan, Security Team Lead, Personal Capital