SurveyMonkey

Goals

• Gain ongoing visibility into detection coverage
• Boost the SOC’s threat detection capability
• Continuously build, test, and deploy detections to defend against current and emerging threats

Challenges

• Tedious and manual effort to gain structured visibility into detection coverage
• Inability to operationalize MITRE ATT&CK framework across the SOC
• Inability to build, test, and deploy detections at the speed of changing landscape

‍

{{cs-divider}}

{{cs-background}}

{{cs-divider}}

{{cs-testimonial}}

{{cs-divider}}

Challenges

As Aristotle once said, “Knowing yourself is the beginning of all wisdom,” and that is precisely what SurveyMonkey’s SOC team sought to do as they started their transformation journey. They first began with identifying blindspots, which proved challenging given the various tools and capabilities deployed in their environment. In order to gain a holistic view of their coverage and gaps, Senior Manager of Information Security Ajish John explored building a homegrown solution. They needed a solution that would export their current detections, map them to the MITRE ATT&CK framework, classify log sources, do adversary to tactics, techniques, and procedure (TTP) mapping, and then adapt and update as the threat landscape evolved.

This manual exploration took about two months, and given the requirements, the team abandoned efforts to build a minimum viable product. During this analysis, Ajish identified feature gaps within their SIEM that limited the agility and scalability of detection development. He estimated that about 40% of the team’s efforts were spent developing detections. As a result, Ajish and the SurveyMonkey SOC team sought to adopt a solution that could act as a force multiplier for the team and bridge functionality gaps in their existing tools.

‍

Enter Anvilogic

Gaining visibility into detection coverage while operationalizing the MITRE framework is why the Anvilogic Modern SOC platform appealed to Ajish. In what took his team two months to do manually, Anvilogic was able to identify their detection coverage automatically in about five hours. Since deploying Anvilogic, the SurveyMonkey SOC team (consisting of Janice Chen, Nathan Weatherford, and Saurabh Jangid) has helped fill in the gaps of their SIEM — raising their maturity score from 19% to 90% within a year. The additional coverage and increased maturity have reinforced the confidence of new and existing enterprise customers, who trust SurveyMonkey’s ability to deliver bleeding-edge solutions while keeping security and privacy at its center.

“Before Anvilogic, it was a manual process going across different consoles. With the detection engineering part of Anvilogic, it has significantly saved us time. We weren't able to achieve this type of coverage if we were to do this manually,” says Ajish.

In addition to gaining visibility into their coverage, SurveyMonkey leveraged Anvilogic’s ready-made detection content for their existing cloud and endpoint tools, thus gaining back time from researching, building, testing, and deploying detections they would’ve had to do manually with their current SIEM. As a result, within a year, the SurveyMonkey team deployed over 500 detections, saving them over $600K in detection efficiency — effectively force-multiplying the team’s efforts.

Looking ahead, Ajish says now that they have continuous visibility into their detection coverage, he and his team can leverage the platform to gain better recommendations on what’s next to prioritize, what to allowlist, and start doing triage and analysis: “Anvilogic has been essential to getting us where we are and is the best partner we have in the security space.”