This organization originally had LogRhythm SIEM, but experienced several challenges:
- Hundreds of new security events per day (with an environment of around 5,000 servers), but only a small team to handle them.
- Limited time to run investigations and confirm that flagged activity was in fact normal.
- Increased administrative overhead with constant rule tuning.
- Limited ability to create new alerts based on extended baselines that help identify abnormal behavior.
- Limited dashboard creation capabilities to help with threat hunting.
The organization needed a solution to monitor privileged account usage, including details such as login times and machines used, as well as typical activity patterns for items such as configuration changes.
“We were concerned about how well it worked and whether they were truly behavioral-based rules or if that was just marketing terminology for the ‘latest greatest system’. But it exceeds what our initial expectations were for being able to detect different cyber threats.”