Expel

BeyondTrust, a global leader in intelligent identity and access security, faced a significant challenge as it expanded. The company needed to evaluate its security posture both internally and externally to understand the risks it faced. Given the high-stakes nature of BeyondTrust’s offering, they couldn’t afford a security breach that could damage the brand’s reputation and its bottom line. The company recognized the need for additional threat detection and automated remediation for assets across the world. This approach was needed to complement BeyondTrust’s own identity and access security solutions for complete coverage of on-premise and cloud assets. BeyondTrust wanted an adaptable and automated solution for faster detection and remediation to protect the company while keeping up with its rapid growth. The company initially selected and onboarded a managed detection and response (MDR) provider, but soon realized that its MDR’s slow response times and inadequate communication approach jeopardized its ability to quickly neutralize threats.

Corvus Insurance, a specialty insurance managing general agent, is committed to providing robust cybersecurity to its policyholders. The company's security team, led by Chief Information Security Officer (CISO) Jason Rebholz, recognized the need for robust detection and response capabilities as the company grew. They understood the importance of balancing their time between securing their environment and monitoring it against the latest security threats. To achieve this, they decided to rely on external experts for detection and response. However, the managed security services provider (MSSP) they had in place was not meeting their needs. Rebholz emphasized the importance of trust in outsourcing capabilities and sought a vendor that would guard their security as they would their own. After evaluating several managed detection and response (MDR) options, Rebholz found that none of them could match the capabilities and understanding of their cloud environment that Expel offered.

Matillion, a leader in data integration, faced a significant challenge as its customers increasingly adopted a cloud-first approach. The company's security requirements evolved to handle more users, complex use cases, and larger cloud workloads. Initially, Matillion deployed software into customer infrastructure, which allowed rapid expansion and ensured customers had full data sovereignty. However, as customers migrated to SaaS applications, Matillion had to continually evolve its strategy to protect new infrastructure vulnerable to attacks. The company's rapid global expansion and growing roster of enterprise customers further complicated the situation, as these customers scrutinized Matillion's security defenses. The company needed a solution that could keep pace with the rapidly evolving threat landscape and instill confidence in IT decision-makers about Matillion's cloud security.

Daylight Transport, a leading transportation and logistics company, experienced rapid growth over the years, leading to an increased transition to cloud infrastructure. The company was already security-conscious, understanding the major risks facing the industry, particularly the devastating potential of a ransomware attack. However, they felt their existing Managed Security Service Provider (MSSP) was too reactive and didn't provide the necessary information and visibility. They received alerts but no answers, leading to hours spent investigating these alerts. At times, a team of three employees had to work through over 1,000 alerts sent back from their MSSP each week. The MSSP also didn't provide monitoring and visibility across Daylight Transport’s environment, particularly in the cloud. To get more coverage, they would have needed to send additional logs from their Security Information and Event Management (SIEM), increasing both their MSSP and data transfer costs. As a result, the company decided it was time for a change to align with its more proactive security goals.

FIA Tech, a leading technology provider to the exchange traded derivative industry, faced a significant challenge in 2021. After announcing a $44 million investment by ten leading banks to fund its strategic growth, the company had to deal with increased security requirements. Pat Lefler, the senior vice president of risk and information security, and his team developed a three-pronged approach to increase visibility into its endpoints, network, and cloud services. They set up new endpoint protection with Carbon Black, SIEM and log file aggregation with Sumo Logic, and integrated Palo Alto’s Prisma through Panorama, as well as their cloud security signals from Microsoft and Amazon Web Services (AWS). However, they lacked the resources to monitor the myriad alerts they were receiving. They needed a Security Operations Center (SOC) that would integrate well with FIA Tech’s existing tech and could start monitoring quickly, given the rapid growth of the organization.

GreenSky, a leading fintech company, was grappling with the challenge of phishing, one of the most pressing security concerns for the organization. Despite having an extensive phishing education and awareness program in place, the company was still vulnerable to potential phishing attempts. The company's Vice President of IT Security and Business Continuity, Lori Temples, and her team had to dedicate a significant portion of their workday to phishing, leaving them with less time to focus on more strategic projects. They had invested in a tool to automate some of the analysis of potential phishing emails, but it lacked human touch and required the GreenSky team to play an active role in the day-to-day anti-phishing efforts. The team needed a solution that could efficiently manage phishing investigations, allowing them to focus on other strategic initiatives.

Ivanhoé Cambridge, a global real estate investment firm, was facing a significant challenge in managing a high volume of security alerts. The process of ingesting and reviewing these alerts was described as 'gruesome' by the Head of Security and Senior IT Security Manager, Patrick Gilbert. The team was often required to investigate alerts after regular business hours, leading to concerns about alert fatigue and potential team turnover. Gilbert was also keen to free up his team to focus on more strategic security initiatives unique to Ivanhoé’s business, such as creating an insider risk management model. The firm needed a security partner that could easily integrate with their existing tech stack, automate the response to millions of alerts, and demonstrate value to both the security team and the company’s executives.

In 2019, the Make-a-Wish Foundation was planning an IT transformation with a move to cloud infrastructure and SaaS applications. The organization had been using on-premises hardware and software to connect about 2,500 employees. However, the pandemic forced the nonprofit to shift to remote work, accelerating their cloud transformation by moving to Microsoft Azure. This rapid transition presented new security challenges. The foundation had to protect private data such as names, contact info, donation history, and medical records of wish recipients. The IT security team had to sort through thousands of alerts, identifying false positives from its on-prem environment and SaaS apps, and which required responses. The team also had to deal with the threat of business email compromise (BEC), a key attack vector for the organization.