Incident response

Red Canary empowers Fortune 1000 insurer’s security team to prioritize strategic objectives

A mutual insurance company uses Red Canary to augment their mature security team, improving operational efficiency and freeing up valuable resources for more strategic business initiatives.

Listed on the Fortune 1000, this mutual insurance company has a dedicated security team of 20 employees safeguarding over 5,000 endpoints and protecting nearly 3,000 employees.

Over the last 10 years, this insurance company has been building out their security program, expanding its expertise while cultivating a highly trained and effective team. However, the disruption caused by the COVID-19 pandemic resulted in the departure of key security personnel. While they rebuilt their security operations center (SOC), their director of information services started exploring the managed detection and response (MDR) market to solve several security challenges.

As he explained, “Security is ever-evolving, and there are new types of threats every day. We run a pretty lean team, and as you get into detection engineering, building out use cases, and similar tasks, there comes a point where you can get a lot of value out of a service provider that does those things every day. We knew we wanted to keep our SOC and continue to mature our program, but we had enough strategic objectives where bringing in an MDR partner would lighten my team’s load and allow them to focus on those initiatives.”

“Red Canary alleviated some of the day-to-day doldrums of support, alerting, and other Level 1 tasks, giving our SOC engineers more latitude to work on strategic objectives.”

DIRECTOR OF INFORMATION SERVICES
FORTUNE 1000 INSURANCE COMPANY

Out of nearly 15 managed service providers considered, three promising options were selected by this Fortune 1000 insurance company for proof of value (POV) evaluations. During the POVs, it became evident that one of the providers lacked transparency and failed to reduce mean time to detect (MTTD). Another not only relied too heavily on existing alerts, configurations, and detections, but lost the director of information services’ trust in the quality of the product when they significantly slashed prices during negotiations. Fortunately, one provider aligned with the insurance company’s primary objectives, which included better security risk management, ensuring uninterrupted security operations in the event of personnel turnover, and fortifying their internal automation capabilities with 24/7/365 coverage. This provider was Red Canary.

During the POV, Red Canary called upon its in-house experts from Threat Intelligence, Detection Engineering, and Threat Hunting. This engagement facilitated crucial conversations that allowed the insurance company’s security team to immerse themselves in the Red Canary culture and gain insights into the partnership’s potential. “Ultimately, our decision was based on the trust and gut feel we had with Red Canary. We knew their team could support our needs as we continued to mature.”

“Red Canary has allowed our team to operate as a high-functioning SOC and information security team with the assurance of stronger, 24/7/365 coverage.”

DIRECTOR OF INFORMATION SERVICES
FORTUNE 1000 INSURANCE COMPANY

Following procurement, this Fortune 1000 insurance company integrated their Endpoint Detection and Response (EDR) telemetry with Red Canary and made it a point to track and analyze metrics relating to the support efforts of their SOC. Their director of information services stated, “Our goal in procuring a service was to see that daily effort trickle down and allow my team to focus on strategic objectives. We found that Red Canary allowed our team to focus on the broader picture and build things out to a degree we hadn’t been able to before. Additionally, in talking to the various experts at Red Canary, we realized that they truly understand the industry and can provide good insights. It was eye-opening to know that we had a partner beyond the service.”

Their director of information services went on to highlight several additional benefits:

Building security resilience

“We’re a risk management company, and when it comes to security, it’s important to guard ourselves against the impact of future attrition. Red Canary helps us manage that risk, so if we do experience turnover, I feel safe knowing that we’ll be able to maintain the integrity of our security operations while our SOC engineers build their proficiency.”

Clear, transparent communication

“So that our internal team wouldn’t lose their edge, clear transparency between our service provider and our SOC was a must. Red Canary offered that. My team likes knowing what’s going on, so being able to plug in our EDR allowed us to see how Red Canary was responding and gave us the ability to communicate in real time.”

From partner to trusted advisor

“We knew we were going to be modernizing our toolset and had some preliminary EDR discussions with the Red Canary team, which provided valuable insights and success criteria. As we modernize our SIEM now, it’s been fun to bounce ideas off of the Red Canary team, and in turn, gain insights from their experts.”

Ready for what’s next

“From a business perspective, we saw a strong security company in Red Canary—one that was very stable and grew without overextension. Looking forward, I’m eager to see the evolution of Readiness Exercises and other features coming to Red Canary. It shows that they continue to invest in the product and broaden their capabilities.”

This Fortune 1000 insurance company’s journey to enhance their security program and adapt to pandemic-related disruptions culminated in a transformative partnership with Red Canary. With Red Canary’s transparency, threat detection expertise, and deep industry knowledge, they successfully offloaded Level 1 support responsibilities, empowering their in-house SOC to focus on strategic initiatives. In the process, they also gained stronger 24/7 coverage and a trusted advisor, elevating their security posture and positioning them for ongoing growth and adaptability in an ever-changing threat landscape.
