Cost savings by adopting a modern SIEM-less architecture
Hours saved in 8 months
Improvements in MITRE ATT&CK coverage in 8 months
- Detect and respond to threats promptly to meet customer obligations and regulatory requirements
- Reduce risk and enable business revenue by implementing technical and non-technical measures
- Build and sustain a secure cloud-based product that upholds customer trust
- Difficulty reducing time to identify and respond to security threats and events
- Unable to quickly ingest correct log sources and build detections for those logs
- Complications operationalizing people, process, and technologies to continuously improve on security goals and priorities
As a company, Navan fully embraces a cloud-first approach, especially in its security strategy. With a booming global workforce and customer base, Navan needed to invest in security solutions that aligned with its overall business objectives and helped it achieve efficient security operations. With Navan’s business growing fast and its attack surface growing alongside it, it became imperative to build and deploy advanced detections as its security tooling generated more logs due to that growth.
Global Head of Security & Trust, Prabhath Karanth, says, “If you look at traditional SOC operations, the cost of log ingestion and storage is super expensive. As a security leader, I want to invest my dollars in areas where I can reduce security risk and move the security agenda forward. I don’t want to spend on infrastructure or log storage. I want to spend on the stuff that matters.” Previously, Navan invested in a security solution that kept its agile security team from meeting business and customer objectives due to a lack of out-of-the-box detections mapped to the MITRE ATT&CK framework and threat hunting capabilities. Prabhath describes needing a solution specializing in threat detection so Navan’s security team could focus their time on other high-impact tasks.
Navan fully adopted a modern SIEM-less data lake architecture with Anvilogic as their detection engineering platform and Snowflake as their security data lake. Anvilogic provides Navan with pre-built, pre-researched detection content and analytics capabilities to force-multiply their security team. Meanwhile, Snowflake provides a flexible, scalable, and cost-effective security data lake to store the growing number of logs from their tools. “We are a travel and fintech company, so we want to partner with the best security solution providers like Anvilogic to leverage their research. Combined with storing logs in Snowflake, there are significant cost savings from an overall SOC operations perspective,” says Prabhath.
By leveraging Anvilogic and Snowflake, Navan has achieved 70-80% cost savings and saved over 15K hours, improving efficiency in their SOC and incident response operations. With Anvilogic, the team can build, test, deploy, and customize detections to fit their environment, with visibility into MITRE ATT&CK coverage, while ensuring the logs are always available in Snowflake without worrying about ingestion costs skyrocketing. The team can also proactively hunt for advanced threats using the AI-generated insights from the Anvilogic platform and the Unified Search capability that enables more security team members to quickly build Snowflake queries. Moving forward, Prabhath and his team are confident they can handle the unknowns that come their way: “Unknown threats are always going to be there, and that’s why we’re passionate about what we do. A key factor is to partner with the right ecosystem that’s continuously doing research to help you, and we’re super happy to partner with Anvilogic in taking us forward on our core mission to secure the company.”