Increased SOC efficiency by 50%
Proficio has increased data analyst productivity and improved the efficiency of its SOCs by 50% using Elastic Security.
Reduced threat detection time by 75%
Previously, Proficio aimed to detect critical threats in under one hour. Now with Elastic, mean time to detect is less than 15 minutes and mean time to respond is under four minutes.
Achieved 60% business growth
Proficio is meeting fast-growing customer demand by easily scaling up its security infrastructure with Elastic.
Managed security services provider uses machine learning and automation to provide cutting-edge cybersecurity, increasing efficiencies and delivering greater value to customers
Founded in 2010, Proficio is an award-winning managed security services provider (MSSP), delivering 24/7 security monitoring and managed detection and response (MDR) capabilities to customers around the world. The company is known for its advanced cybersecurity services that protect hundreds of organizations across many industries, including healthcare, financial services, and retail.
Proficio's team of security experts works from Security Operations Centers (SOCs) in San Diego, Singapore, and Barcelona to monitor security events and hunt for targeted attacks. This around-the-clock operation enables Proficio and its customers to stay ahead of cybercriminals who increasingly target vulnerabilities in cloud infrastructures and remote working networks.
A non-stop battle against cyberthreats
Brad Taylor, CEO and Co-Founder of Proficio, sums up the company's mission: "Today, it's a constant battle against cybercrime and we have to win every time. We must detect every attack on our customers before there's a compromise or breach that interferes with their operations."
Taylor and the Proficio team wanted to speed up detection and response times as much as possible and increase the automation of background processes. They were also looking for a more efficient way to generate the hundreds of security use cases and data visualization dashboards needed to keep up with the latest methods and technologies used by attackers.
"With our previous SIEM solution it was difficult to create different use cases for multiple vendors. It also lacked the advanced search functionality required when seeking data across all our customers and SOC environments," says Taylor.
Some of the Proficio team were using Elastic Security to explore content and analytics features that were more advanced than the incumbent SIEM environment. "The use of Elastic just kept expanding. The feedback was so positive that we decided to partner with Elastic and roll it out across the business," says Taylor.
Proficio now offers two models for the delivery of its managed detection and response services. The first is Elastic Security as a cloud-native platform hosted by Proficio combined with SOAR and Proficio's SOCs. "Our customers simply plug into our system, and we provide all the technology, people, and processes to service them," says Taylor.
Proficio refers to the second model as "Bring your own SIEM". If a customer is already using Elastic Security, Proficio helps them manage their environment and add content, with the option to bring in support from Proficio's SOCs.
Boosting threat visibility
A key area where Elastic Security has boosted Proficio's performance is threat visibility. "With Elastic, we can bring in data from just about anywhere," says Taylor. "This includes APIs, beats, agents, and endpoints. It doesn't matter where the security devices are. We can also factor in the business context, vulnerability data, and threat intelligence data, which enhance visibility and discovery for Chief Security Officers."
Visibility also depends on the ability to interrogate data from multiple sources. Elastic enables Proficio to create multi-variable threat detections and rules that correlate many suspicious indicators across multiple log sources. Proficio can then build a use case once for a log source type and quickly apply it to every vendor's device in that category.
Elastic Security really shines compared with other SIEMs if you need to build content for multiple different vendor devices in a specific category across hundreds of customers.
Elastic Security also streamlines access to large volumes of historical data that support threat resolution. With Elastic, Proficio can keep this data in searchable cold storage, or an Amazon S3 storage bucket that can be online within an hour. "Nine months of logs may need to be accessed at times," says Taylor. "Elastic is a game changer for accessing huge amounts of data quickly."
Search capabilities have also improved. Proficio can now inspect large, broad data sets and get faster results from a single search field. For instance, if Proficio detects a vulnerability or breach with one of its customers, it can search for similar indicators across other organizations and take action as needed.
With Elastic you can build a quick search and look across hundreds of different customers very rapidly, which is truly awesome.
Additionally, Proficio creates custom Kibana dashboards to display trend analysis, KPIs, and other metrics. "Because we're collecting data from many different customers, we can show Chief Security Officers how they compare with their peers. Elastic gives us tremendous visibility across the entire security management landscape," says Taylor.
Using machine learning to help thwart cyberattacks
Proficio has started to use Elastic machine learning capabilities to further boost threat visibility. This includes more than 100 machine learning models that complement existing static correlation rules.
Elastic machine learning has given us a new dynamic for discovering sophisticated targeted attacks. Automated anomaly detection coupled with fast, broad-based search gives us visibility where we didn't have it before.
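The two ideas above, a static correlation rule that ties indicators from several log sources together (the "Boosting threat visibility" section) and an anomaly check that complements such rules (this section), shown as one runnable illustration. This is example code written for this page, not Proficio's or Elastic's own detection rules or machine learning jobs; the event records, host names, IP addresses and thresholds are constructed, and the per-host z-score baseline is a deliberately simple stand-in for a learned anomaly model.

```python
"""Added illustration (not Proficio's or Elastic's code): a static multi-source
correlation rule alongside a simple statistical anomaly check, both run over
constructed log records."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample events from two log sources (firewall and authentication).
# The IP addresses are documentation ranges, not real customer data.
FIREWALL_EVENTS = [
    {"@timestamp": "2024-03-01T10:00:00", "source.ip": "203.0.113.7", "action": "deny", "dest.port": 22},
    {"@timestamp": "2024-03-01T10:00:05", "source.ip": "203.0.113.7", "action": "deny", "dest.port": 3389},
    {"@timestamp": "2024-03-01T10:00:09", "source.ip": "203.0.113.7", "action": "deny", "dest.port": 445},
    {"@timestamp": "2024-03-01T10:30:00", "source.ip": "198.51.100.5", "action": "deny", "dest.port": 22},
]
AUTH_EVENTS = [
    {"@timestamp": "2024-03-01T10:02:00", "source.ip": "203.0.113.7", "user": "alice", "host": "web-01", "outcome": "failure"},
    {"@timestamp": "2024-03-01T10:02:30", "source.ip": "203.0.113.7", "user": "bob", "host": "web-01", "outcome": "failure"},
    {"@timestamp": "2024-03-01T10:03:00", "source.ip": "203.0.113.7", "user": "carol", "host": "web-01", "outcome": "failure"},
    {"@timestamp": "2024-03-01T10:35:00", "source.ip": "198.51.100.5", "user": "dave", "host": "web-02", "outcome": "failure"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def correlate_scan_then_spray(fw_events, auth_events, window=timedelta(minutes=10),
                              min_ports=3, min_users=3):
    """Static correlation rule across two log sources: a source IP denied on at least
    `min_ports` distinct ports, followed within `window` of its first deny by failed
    logins for at least `min_users` distinct accounts from that same IP.
    Neither source alone is conclusive; the combination is what raises the alert."""
    denied_ports = defaultdict(set)
    first_seen = {}
    for event in fw_events:
        if event["action"] != "deny":
            continue
        ip = event["source.ip"]
        denied_ports[ip].add(event["dest.port"])
        first_seen.setdefault(ip, parse_ts(event["@timestamp"]))

    alerts = []
    for ip, ports in denied_ports.items():
        if len(ports) < min_ports:
            continue
        start = first_seen[ip]
        users = {
            e["user"] for e in auth_events
            if e["source.ip"] == ip and e["outcome"] == "failure"
            and start <= parse_ts(e["@timestamp"]) <= start + window
        }
        if len(users) >= min_users:
            alerts.append({"source.ip": ip, "ports": sorted(ports), "users": sorted(users)})
    return alerts


# Constructed per-host daily failed-login counts: 14 days of history, then today.
BASELINE_COUNTS = {
    "web-01": [3, 4, 2, 5, 3, 4, 3, 2, 4, 3, 5, 3, 4, 3],
    "web-02": [10, 12, 9, 11, 10, 13, 12, 10, 11, 9, 12, 11, 10, 12],
}
TODAY_COUNTS = {"web-01": 41, "web-02": 13}


def anomalous_hosts(baseline, today, z_threshold=3.0):
    """Statistical anomaly check (a stand-in for a learned baseline): flag a host whose
    count today exceeds its own historical mean by more than `z_threshold` standard
    deviations. A single static threshold such as ">= 20 failures" would miss a quiet
    host at 18 and flag a busy host that is behaving normally; the per-host baseline
    adapts to each host instead. Returns {host: z_score} for flagged hosts."""
    flagged = {}
    for host, history in baseline.items():
        mu = mean(history)
        sigma = pstdev(history) or 1.0  # avoid division by zero on a flat history
        z = (today[host] - mu) / sigma
        if z > z_threshold:
            flagged[host] = round(z, 1)
    return flagged


if __name__ == "__main__":
    for alert in correlate_scan_then_spray(FIREWALL_EVENTS, AUTH_EVENTS):
        print("correlation alert:", alert)
    for host, z in anomalous_hosts(BASELINE_COUNTS, TODAY_COUNTS).items():
        print(f"anomaly: {host} failed logins today are {z} sigma above baseline")
```

On the constructed data the correlation rule fires once, for 203.0.113.7 (three denied ports followed by three distinct failed accounts within the window), while 198.51.100.5 stays silent because it touched only one port. The anomaly check flags web-01, whose 41 failures are far outside its usual 2 to 5, and leaves web-02 alone even though its raw count is higher, which is the point of a per-host baseline complementing fixed rules.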
Elastic also integrates with other Proficio ITSM (IT service management) platforms via its ServiceNow structured response engine.
Elastic gives us the power to undertake bidirectional integration with other ITSM platforms. If a threat is detected, we can perform some orchestration and enable a response on the customer side as well.
Accelerating threat detection
To stay ahead in the race to protect businesses against cyberattacks, Proficio has combined its own threat detection platform, which has about 40 feeds, with Elastic. "This helps us to specify the nature of a threat and its severity. We then use this information to determine and prioritize response actions," says Taylor.
As a result, the company has seen a dramatic improvement in the pace and efficiency of its services. With its previous SIEM solution, Proficio had a target of under one hour to detect a critical threat. With Elastic, it is less than 15 minutes, with a mean response time of under four minutes.
Elastic Security has enabled us to cut our mean detection time by 75%. In addition to automated alerts, being able to build operational models within Elastic gives us the ability to quickly determine whether a threat is active or not.
At the same time, Proficio has seen an uptick in data analyst productivity and the overall efficiency of its SOCs has increased by 50%. Elastic Security also enables Proficio to manage all of its remote connections and agents at a central location, which further helps improve efficiency and reduce costs.
Our migration to Elastic gives us the best of both worlds. Being more efficient has a positive effect on our cashflow, but it also has inspired our people by giving them the best tools to do their job.
The Elastic Consulting team plays a vital role as the Proficio business grows. "Whenever we need help, we quickly hear from the Elastic experts that we need. The response is always fast and proactive. They are great partners," says Taylor.
In the future, Taylor and his team are looking forward to deploying the latest Elastic SOAR tools that accelerate incident remediation in addition to the existing operational and security workflow. Analysts will be able to utilize the customizable orchestration capabilities within Elastic Security, or the one-click integrations with other leading SOAR providers.