Alteryx
Learn how Alteryx blends legacy systems harmoniously with modern infrastructure utilizing the Anvilogic platform.
Highlights
- Anvilogic simplified the process of creating detection use cases by providing a visual builder, reducing the time and effort required for building and testing
- Anvilogic’s platform allowed for better control over costs by decoupling the detection layer, providing flexibility in budget allocation
- The integration with MITRE ATT&CK framework facilitated maturity assessments, helping the team understand their security posture and identify areas for improvement
- Anvilogic's unified search capability made it easier to query and search data, regardless of the underlying technology stack, streamlining the analysis and investigation of security incidents
Goals
- Integrate a capability to easily deploy security threat detection use cases
- Develop a framework to evaluate and measure maturity to help understand the current security posture and identify gaps
- Have the ability to perform unified searches against security data via normalization out of the box, making it easier to analyze and investigate security incidents
- Gain more control over storage and compute costs to make informed decisions about budget allocation
Challenges
- Legacy system that couldn't efficiently handle new requirements
- Unable to bridge the gap between building complex detection logic for sophisticated attack scenarios and the skills of a newly assembled, growing team
- Spending too much time building use cases and detections
- Existing SIEM solution fell short in terms of efficient threat hunting from both a technical and cost perspective
Challenges
As a leading data analytics software company, Alteryx faced several challenges as it aimed to enhance its security operations and threat detection capabilities. Being in a data-driven industry, Alteryx was acutely aware of the constant threat of cyberattacks, and their existing legacy SIEM struggled to adapt to the evolving security landscape and new requirements. Bridging the gap between intricate workflows and non-technical employees was of the utmost importance. Alteryx needed a way to involve all team members, regardless of experience, making it crucial to find a solution that could empower the entire team.
In addition, the labor-intensive, manual task of building use cases and detections posed a considerable challenge, consuming valuable engineering hours. Their existing SIEM proved inadequate for efficient threat hunting, from both a technological and a cost perspective, posing a substantial hurdle for the SOC team. Working through the intricacies of its existing SIEM, Alteryx recognized that it needed to handle the requirements of modern cybersecurity practices and threat detection more holistically. Alteryx needed a solution that could scale effectively to accommodate increasing data volumes, ensuring the platform could grow with the business.
Enter Anvilogic
Alteryx turned to Anvilogic as they grappled with the complexities of a legacy SIEM, a common predicament many organizations face. Rather than ripping and replacing their security infrastructure, which was neither practical nor prudent, Alteryx looked for a bridge solution, allowing them to take measured steps towards modernization and adopt different data lakes for logging repositories and sources.
With Anvilogic, Alteryx was able to rapidly build threat detection use cases, a crucial aspect of enhancing their threat detection capabilities. Anvilogic not only streamlined operations but also provided a standardized framework for analyzing attack patterns and assessing maturity. With out-of-the-box detections and a unified search function that abstracted the underlying technology layer, Alteryx found in Anvilogic a comprehensive solution that transcended the limitations of their legacy SIEM.
Guang Wang, Sr. Director of Security Operations and Engineering at Alteryx, said, "Anvilogic is the perfect solution because it doesn't depend on any specific underlying data lake or SIEM solution. It isolates and abstracts the layer of data storage to the schema, so we don't have to worry about making a big decision for the underlying storage solution."
This level of flexibility and adaptability proved invaluable as it allowed Alteryx to blend legacy systems harmoniously with modern infrastructure.