
Red Canary MDR sharpens the view from Microsoft Defender for Endpoint

After deploying Red Canary MDR for Microsoft + Defender for Endpoint, a privileged access management company struck the right balance between automation and eyes on glass.

A privileged access management (PAM) company serves more than 10,000 organizations around the globe, from small businesses to the Fortune 500, with a cybersecurity platform that controls and secures access and permissions for users, processes, and systems across their IT and enterprise environments.

Overhaul legacy security infrastructure to meet the shifting needs of a dynamic IT provider

The security teams at this privileged access management company were maxed out managing multiple security tools in an effort to provide robust, relevant detection and response. Their corporate environment consisted of diverse endpoints and workstations, mostly Windows 10 with some Mac.

They turned to the Microsoft Defender security stack when faced with the need to conduct an organization-wide security overhaul replacing a legacy security infrastructure. The existing EDR, MDR, and antivirus tooling from multiple vendors was not integrated to work together seamlessly. The MDR solution itself generated 70-80% false positives, creating alert fatigue and a lot of unnecessary work for the security team.

Their Chief Information Security and Privacy Officer also realized that he needed the human element—eyes on glass—reviewing the raw data from Microsoft Defender for Endpoint to contextualize the information coming in and affecting the endpoints.

Eliminate false positives without sacrificing depth of coverage

Their Chief Information Security and Privacy Officer understood that endpoint security is part of basic security hygiene. However, his multi-vendor security infrastructure was generating too many false positives, making it difficult to wade through them all and investigate each one.

He and his small team found it nearly impossible to validate or invalidate the alerts individually. They were spending hours upon hours investigating endpoint alerts, especially during the COVID-19 pandemic with everyone working from home on untrusted networks and conducting personal business on work computers.

A managed detection and remediation platform

Their Chief Information Security and Privacy Officer began looking for a managed detection and response vendor that had deep expertise with Microsoft Defender for Endpoint and could help them maximize their investment. He chose Red Canary after learning that the team had a rich history with Defender and that the two product teams were closely aligned.

Red Canary’s user-friendly portal made analyzing confirmed threats simple. The in-house SOC team could drill into the details as deeply as needed and generate executive reports instantly. Red Canary became their first and second tier of endpoint analysis and remediation, escalating only the issues that required the in-house team to take hands-on action on an endpoint or that involved high-value assets.

Fewer, sharper alerts and better sleep at night

Since deploying Red Canary’s Microsoft Defender for Endpoint integration and managed detection and response solution, the security team has reduced alert fatigue. Where they used to see alerts daily, the SOC team now averages about one a week. As an added benefit, they achieved these outcomes without deploying any additional agents.

Their Chief Information Security and Privacy Officer said, “I sleep well at night now that we’re not getting a lot of false positives or escalations coming through for remediation. This has really been a set-it-and-almost-forget-it relationship.”
