Fortune 500 Financial Services Company

Financial Services
5,000+
Hours Saved*
>1.1M
Dollars Saved
75
Use Cases Deployed
50%
Less time to deploy quality detections

Anvilogic enabled the Security Operations team to quickly import CrowdStrike Falcon Data Replicator (FDR) data into Snowflake, unifying their data and deploying quality detections in half the usual time.


CUSTOMER PROFILE

  • $7.6B+ annual revenue
  • 7,500K Employees
  • Snowflake + Splunk
  • Caught 2 red team attack simulations

CHALLENGES

  • Lacked the ability to centralize, query and detect across multiple data silos and tools
  • Hard to maintain data normalization & enrichment with custom data sources
  • Difficult to develop, test, deploy and maintain detections, which typically took 45-72 hours per detection
  • Limited understanding of detection posture and data visibility gaps to drive improvements
  • Lacked a way to manage & deploy use cases across data in Snowflake and Splunk
  • Difficulty deploying complex detections correlating behavioral attack patterns

HIGHLIGHTS

The team saw immediate results in scale, cost reduction and increased detection coverage, all within a week.

  • Easily ingested and centralized 1TB daily of CrowdStrike FDR into Snowflake, totaling 7TB of raw events
  • Gained visibility into coverage gaps and quickly deployed 75 quality detections
  • Quickly escalated and responded to threats, as proven by detecting 2 attack simulations run by their own red team
  • Saved millions compared with outsourcing detections, and by leveraging the Snowflake security data lake, a 30-60% cheaper alternative
  • Gained insights through Anvilogic's Automated Threat Detection (ATD) powered by Snowflake, which provides a centralized hunting and triage interface, helping the team better correlate alerts and deliver uniform detection and response for Snowflake
  • Seamlessly normalized and enriched data to ensure consistency across data sources (e.g. Splunk, Snowflake), providing context for triage analysts

"It's pretty awesome that you were able to find a real incident during the first week."
– SOC Manager

*1 hour for Anvilogic to set up and start deploying content, with zero additional hours spent on Detection or SIEM Engineering. This was during week 1 of the Anvilogic & Snowflake trial.
