Fortune 500 Financial Services Company
Anvilogic enabled the Security Operations team to quickly import CrowdStrike Falcon Data Replicator (FDR) into Snowflake to unify and deploy quality detections in half the normal time.
Download Case Study PDF
5,000+
Hours Saved*
$1.2M
Dollars Saved
75
Use Cases Deployed
20+
MITRE ATT&CK Technique
"It's pretty awesome that you were able to find a real incident during the first week."
SOC Manager
{{cs-divider}}
Challenges
- Lacked the ability to centralize, query and detect across multiple data silos and tools
- Hard to maintain data normalization & enrichment with custom data sources
- Difficult to develop, test, deploy and maintain detections, typically takes 45-72 hours per detection
- Limited understanding of detection posture and data visibility gaps to drive improvements
- Lacked a way to manage & deploy use cases across data in Snowflake and Splunk
- Difficulty deploying complex detections correlating behavioral attack patterns
Highlights
The team was able to see immediate results pertaining to scale, reducing cost and increased detection coverage all within a week
- Easily ingested and centralized 1TB daily of CrowdStrike FDR into Snowflake, totaling 7TB of raw events
- Gained visibility into coverage gaps and quickly deployed 75 quality detections
- Quickly escalate and respond to threats proven through 2 attack simulations from their red team that were detected
- Saved millions instead of outsourced detections, as well as, by leveraging Snowflake security data lake that is a 30-60% cheaper alternative
- Gained insights through Anvilogic's Automated Threat Detection (ATD) powered by Snowflake that helps to centralize hunting and triage interface, helping the team better correlate alerts and deliver uniform detections and response for Snowflake
- Seamlessly normalized, enriched data to ensure consistency across data sources (e.g. Splunk, Snowflake) providing context for triage analysts
*1 hour for Anvilogic to setup and start deploying content with zero additional hours spent on Detection or SIEM Engineering. This was during week 1 of Anvilogic & Snowflake Trial.