Red Canary MDR ensures a successful Microsoft Defender migration

By relying on Red Canary’s vendor-neutral MDR and expertise, a growing security team was able to switch to Microsoft Defender without sacrificing budget or missing a beat in their threat detection.

CoStar Group, Inc. (NASDAQ: CSGP) is the leading provider of global commercial real estate information, analytics and online marketplaces. Headquartered in Washington, DC, CoStar Group maintains offices throughout the U.S. and in Europe, Canada and Asia with a staff of approximately 4,900 worldwide. They currently have 11,000 endpoints.

Optimize global, cross-functional IT and security operations

In 2019, the security team at CoStar Group knew their antivirus solution was not enough to keep modern threats at bay.

They implemented an Endpoint Detection and Response (EDR) solution for an extra layer of protection, but operationalizing the tool proved to be a challenge for their small team.

Ultimately, they turned to Red Canary’s expertise and managed 24×7 threat detection and monitoring solution for help.

Fast forward to 2021. CoStar Group’s security operation, led by Grover Mewborn, Cybersecurity Technical Team Lead, has evolved into a small, yet mature operation.

Their latest endeavor: kicking off a migration to the Microsoft Defender security platform—replacing a number of their existing security tools, including the aforementioned EDR solution, with Microsoft Defender for Endpoint.

Keep pace with high company growth amidst a cybersecurity talent shortage

Rapid growth is great for business, but keeping pace can be a challenge for security teams. Amidst a backdrop of an expanding organization, CoStar Group’s CTO needed to answer two monumental questions:

  1. How can I scale my security operation while efficiently managing and administering multi-platform IT and the enterprise ecosystem?
  2. How can I attract seasoned cybersecurity professionals to join my young team and manage a disparate set of tools?

A single IT and security platform—backed by a security ally who evolves with you

CoStar Group’s IT operations and infrastructure teams have used Microsoft services like Office 365 and Teams for years. But upgrading to an E5 license has enabled them to take advantage of their existing services and tap into Defender’s security tools.

Grover and his team drove the switch to Defender for several key reasons. They believed it to be superior technology. They knew it would be easier to deploy and manage long-term. And they would only have one system to learn and administer.

Notably, replacing their existing EDR vendor is only the first step. They plan to swap out their antivirus tool, SIEM, and vulnerability management solutions with Microsoft security solutions.

Behind the scenes, CoStar Group is relying on Red Canary’s technology and expertise to help make the transition a success. In fact, Red Canary’s vendor-neutral approach to Managed Detection and Response (MDR) has empowered Grover and his team to switch tools without compromising budget or detection and response coverage.

“Red Canary is our SOC today,” Grover explains. “Their service has been invaluable both technically and in terms of helping us to understand the strategic threat landscape. We’ve been impressed by Red Canary, and expect continuing excellence as we grow together.”

Grover can also now use Red Canary MDR + Microsoft Defender to expand their threat detection and response capabilities to include identity-related alerts. “With identity there’s a lot of data and it’s difficult to track down. Red Canary far outmatches our ability to get high-fidelity detections and see the value of Defender for Identity alerts.”

Expanded detection coverage, security operations maturity, and improved response

From day one, Red Canary’s 24/7 MDR solution has enabled CoStar Group to modernize their security operation and threat detection and response cycle.

The small security team is more effective now that they are saving time and effort in event investigation. Red Canary MDR delivers only confirmed detections to customers, so Grover and his team know that each detection is a real threat and do not waste time.

Additionally, CoStar Group uses Red Canary’s automated response playbooks to respond to threats immediately, day or night.

In the first 30 days after deploying Defender alongside Red Canary, CoStar Group saw a nearly 50% reduction in mean time to respond (MTTR).

They’ve also seen an unexpected boon to their budget. Because Defender is bundled into the E5 license, which is paid for by the IT team, the security team now has additional opex budget for strategic investments and projects.

To learn more about this partnership and the benefits of using Red Canary MDR, watch our conversation with Grover Mewborn.