Scaling Enterprise Security by Automating Threat Intelligence and Incident Response with a Plugin-Based Architecture
Executive Summary
Cloud security providers often face the complex challenge of providing a scalable, on-premises solution that automates threat intelligence sharing across various third-party platforms. A primary problem lies in managing the huge volumes of ingested security events while at the same time ensuring that the system can adapt to support new threat sources, SIEMs, and ticketing platforms. In the absence of a high-performance architecture, enterprises find it difficult to generate real-time alerts or forward vital device event logs to their central security management systems, resulting in delayed response times and reduced visibility.
This case study describes how Crest Data addressed these challenges by delivering a scalable solution optimized for easy on-premises deployment. This solution had a plug-in-based architecture, allowing easy and rapid integration of new platforms and the ability to exchange malware and malsite information. By enabling real-time log ingestion into customer SIEMs and automating ticket creation, Crest Data provided security analysts with tools for quick incident response. The solution provided the ability to monitor user risk scores and orchestrate automated actions based on risk fluctuations, resulting in enhanced overall security posture.
About the Customer
The customer is a global leader in cloud security, taking a data-centric approach to protecting users and information across all environments. Their security platform offers unrivaled visibility and real-time threat protection for cloud services, websites, and private applications, accessible from any location or device. By operating one of the world’s largest and fastest security networks, the company provides sophisticated security solutions that address the complexities of modern cloud infrastructure.
Customer Challenge
The primary challenge the customer faced was a critical need for an on-premises, scalable, and extensible security solution that could be seamlessly deployed within customer environments. As the security landscape grows due to various dynamics, enterprises need a platform that is extensible enough to easily integrate and support new threat intelligence sources, SIEM systems, and a variety of ticketing platforms.
Furthermore, managing huge volumes of ingested security events presents a significant operational bottleneck. There was a need for a solution with a scalable architecture to match the pace of handling high-density data streams without compromising performance. In addition to data ingestion, the customer was also facing the challenge of automating complex security workflows, like sharing the real-time threat intelligence across third-party platforms and ensuring that critical device event logs are forwarded to central management systems for comprehensive analysis.
Proposed Solution
Crest Data extensively collaborated with the customer to design and develop a solution that could scale horizontally and could be easily deployed on-premises. The plugin-based architecture was the primary component of this solution, providing extensive flexibility to the customer to develop and upload their own plugins to integrate with various new platforms.
Some of the main components of the implemented solution include:
- Threat Intelligence Automation: The solution ensured seamless and automated sharing of malware and malsite information between security platforms and various other third-party threat providers.
- Streamlined Incident Response: The solution facilitated automated ticket creation or sending real-time notifications in the form of emails or messages based on specific security alerts. These tickets were then delivered directly to the customer's ticketing management platforms.
- Unified and Holistic Visibility: The solution ensures seamless ingestion of critical security events and device logs into customer SIEMs, making the data available to security analysts for efficient monitoring.
- Risk-Based Orchestration: The platform provides the ability to monitor user risk scores and orchestrate automated actions on users based on fluctuations in their risk levels.
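To illustrate the plugin-based design and risk-based orchestration described above, here is an added example (not Crest Data's or the customer's code): a minimal registry where threat-intel, SIEM and ticketing plugins register by capability, a sharing routine that pushes malsite indicators from every feed into every SIEM, and an orchestrator that escalates only when a user's risk score crosses a threshold upward. All plugin names, the threshold and the sample indicator are constructed for the example.

```python
# Plugin registry keyed by the capability a plugin provides (assumed design).
PLUGINS = {"threat_intel": [], "siem": [], "ticketing": []}

def plugin(kind):
    """Decorator: instantiate the plugin and register it under its capability."""
    def register(cls):
        PLUGINS[kind].append(cls())
        return cls
    return register

@plugin("threat_intel")
class MalsiteFeed:
    """Hypothetical third-party feed returning malsite/malware indicators."""
    def fetch(self):
        return [{"type": "url", "value": "http://malsite.example/payload"}]  # constructed sample

@plugin("siem")
class SiemSink:
    """Hypothetical SIEM plugin; a real one would forward over syslog/HTTP."""
    def __init__(self): self.events = []
    def ingest(self, event): self.events.append(event)

@plugin("ticketing")
class TicketSink:
    """Hypothetical ticketing plugin; returns the new ticket's id."""
    def __init__(self): self.tickets = []
    def create(self, summary): self.tickets.append(summary); return len(self.tickets)

def share_indicators():
    """Threat Intelligence Automation: pull from every feed, push to every SIEM."""
    count = 0
    for feed in PLUGINS["threat_intel"]:
        for ioc in feed.fetch():
            for siem in PLUGINS["siem"]:
                siem.ingest({"kind": "indicator", **ioc}); count += 1
    return count

class RiskOrchestrator:
    """Risk-Based Orchestration: act only when a score rises past the threshold."""
    def __init__(self, threshold=80):
        self.threshold, self.scores = threshold, {}
    def update(self, user, score):
        prev = self.scores.get(user, 0)
        self.scores[user] = score
        if prev < self.threshold <= score:  # upward crossing, not every high reading
            for t in PLUGINS["ticketing"]:
                t.create(f"Risk score for {user} rose {prev}->{score}")
            for s in PLUGINS["siem"]:
                s.ingest({"kind": "risk_alert", "user": user, "score": score})
            return "escalated"
        return "no_action"
```

Because escalation fires on the upward crossing rather than on every reading above the threshold, a user who stays high does not generate a duplicate ticket on each score refresh.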
Outcome and Success Metrics
The implementation of this solution has resulted in various key business outcomes:
- Seamless Third-party Integration: Enabled customers to seamlessly integrate with third-party threat intelligence providers, creating a holistic security ecosystem.
- Real-Time Incident Response: Security analysts could receive alerts and tickets in real-time inside their ticketing management platform, ensuring faster remediation.
- Enhanced Security Visibility: The solution streamlined the ingestion of critical logs into customer SIEMs, ensuring deep visibility for effective monitoring.
- Scalable On-Premises Performance: The system could efficiently handle huge volumes of security events without performance slowdown due to a horizontally scalable architecture that was easy to deploy on-premises.
About Crest Data
Crest Data is a data and AI-first product engineering and technology solutions provider with deep expertise in cloud and AI, cybersecurity, observability, data analytics, and workflow automation. With 1,200+ experts and a track record of 5,500+ successful projects across 150+ global customers, and backed by strong partnerships with ServiceNow, AWS, Google, Microsoft, Datadog, Dynatrace, and NetApp, Crest Data delivers outcome-focused solutions that strengthen security, improve platform reliability, and enable sustainable digital growth.