Starting out, this accounting firm’s security team only covered around 500 endpoints due to budget constraints. Over time, they expanded to support 8,000 endpoints. But despite the growth in endpoints, the security team stayed the same size. That meant each member of the team was responsible for monitoring 2,000 endpoints. As a consequence, they didn’t have time to do their own threat hunting or respond to all the alerts flooding in.
To complicate matters more, when a new chief information security officer (CISO) came aboard in 2020, he needed to quickly prove the value of the company’s detection stack and security operations program. The security team at the time understood that they could only do so much with the resources they’d been given—Red Canary was critical to protecting the company from breaches.