Fortune 500 Financial Services Company
Case Study

Fortune 500 Financial Services Company

Download Case Study PDF

Anvilogic enabled the Security Operations team to quickly import CrowdStrike Falcon Data Replicator (FDR) into Snowflake to unify and deploy quality detections in half the normal time.

5,000+

Hours Saved*

$1.2M

Dollars Saved

75

Use Cases Deployed

20+

MITRE ATT&CK Technique

"It's pretty awesome that you were able to find a real incident during the first week."
SOC Manager

{{cs-divider}}

Challenges

  • Lacked the ability to centralize, query and detect across multiple data silos and tools
  • Hard to maintain data normalization & enrichment with custom data sources
  • Difficult to develop, test, deploy and maintain detections, typically takes 45-72 hours per detection
  • Limited understanding of detection posture and data visibility gaps to drive improvements
  • Lacked a way to manage & deploy use cases across data in Snowflake and Splunk
  • Difficulty deploying complex detections correlating behavioral attack patterns

Highlights

The team was able to see immediate results pertaining to scale, reducing cost and increased detection coverage all within a week

  • Easily ingested and centralized 1TB daily of CrowdStrike FDR into Snowflake, totaling 7TB of raw events
  • Gained visibility into coverage gaps and quickly deployed 75 quality detections
  • Quickly escalate and respond to threats proven through 2 attack simulations from their red team that were detected
  • Saved millions instead of outsourced detections, as well as, by leveraging Snowflake security data lake that is a 30-60% cheaper alternative
  • Gained insights through Anvilogic's Automated Threat Detection (ATD) powered by Snowflake that helps to centralize hunting and triage interface, helping the team better correlate alerts and deliver uniform detections and response for Snowflake
  • Seamlessly normalized, enriched data to ensure consistency across data sources (e.g. Splunk, Snowflake) providing context for triage analysts


*1 hour for Anvilogic to setup and start deploying content with zero additional hours spent on Detection or SIEM Engineering. This was during week 1 of Anvilogic & Snowflake Trial.

Background

SOC Manager

Break Free from SIEM Lock-in

Break Free from SIEM Lock-in