Customer Story
Global Financial Institution
ExtraHop Helps Global Financial Institution Improve Banking Security with Real-Time User Behavior Analytics
Alleviated data pipeline bottlenecks and reduced costs by indexing only actionable insights
Improved speed and accuracy of alerts on suspicious events
Faster investigations from threat alert to packet data in three clicks
The Beginning
This global financial institution sought to improve security and compliance with real-time user behavior analytics
Today, banking customers expect to access their accounts and manage their finances from any device, in any location, with the same level of consistent service and security. For IT and security operations teams, providing both of these things is no simple task.
For one global financial institution, finding the right balance between security and user experience came to a head when the security team wanted to incorporate real-time user behavior analytics into their authentication process. In order to do this, the security team needed to capture thousands of customer logins each minute, across dozens of banking applications, and stream this information into their Security Information and Event Management (SIEM) solution. While this measure would improve security and compliance, it also would have significantly impacted end-user experience over time. In order to align security priorities with IT operations requirements around system performance and user experience, the financial institution needed to find a better way to get the user behavior data into their SIEM.
In the past we have paid tens of thousands of dollars to outside contract vendors to do less than a 10th of what you have shown us in the amount of time the appliance has been onsite.
Sr. Mgr. of Operations, Major Financial Corporation
The Transformation
Turns out there was a solution already being leveraged for performance management.
The Outcome
ExtraHop gets the user behavior data the security team needed to stream into their SIEM.
Within four hours of deployment, ExtraHop was streaming user behavior data to the SIEM. Over the next several weeks, ExtraHop proved it could reliably capture, analyze, and stream the desired application information, alerting on activity as specific as users who had five failed login attempts in five minutes or less - behavior indicative of a possible hack attempt. By capturing this metric data on the wire, ExtraHop reduces the index volume and increases insight quality, alleviating data pipeline and ingest bottlenecks.
Faster Alerts
As a result of contextual analytics that provided more selective data capture and filtration, the security team significantly reduced ingest bottlenecks. The quality and reliability of the data also improved both the speed and accuracy of alerts on suspicious events related to user behavior. This allowed the team to react much faster, locking affected accounts or notifying information security personnel more quickly than ever before.
Smarter Workflows
ExtraHop also improved the financial institution's threat investigation workflows. Rather than sifting through packets, the security team can now go from the initial threat alert to transaction-level details and corresponding packets in just three clicks. This on-demand root-cause analysis enables them to rapidly investigate attack patterns, helping mitigate the impact on customers and the business.