Leading Manufacturing Company
Learn how a leading manufacturing company achieved a 61% increase in coverage of prioritized MITRE ATT&CK techniques.
11 TB
Per day of CrowdStrike FDR data ingested into Snowflake
25%
Reduction in Splunk costs
275+
Detections deployed in less than four weeks
61%
Increase in coverage in prioritized MITRE ATT&CK techniques
Instant
Transition of critical data sources from Splunk to Snowflake without disruption
Challenges
- Reduce Splunk dependency and spend
- Improve data retention to support investigations
- Lack of detection coverage for crucial data sources
The security operations center (SOC) of a leading manufacturing company relied heavily on Splunk, while the rest of the enterprise had invested in Snowflake. The SOC team faced escalating Splunk costs and could not bring crucial data sources such as CrowdStrike FDR into its deployment, which hindered its ability to retain data long enough to support investigations.
Enter Anvilogic
Anvilogic helped this SOC team reduce its Splunk dependency and cost while transitioning to a modern security data lake strategy that made better use of its Snowflake environment. In less than four weeks, the SOC team was ingesting 11 terabytes of CrowdStrike FDR data per day into Snowflake at 25% of the cost of Splunk. Through Anvilogic’s technical partnership with Cribl, the team was also able to ingest additional critical data sources. As a result, it deployed over 275 detections (the industry average is 156 detections per year), which increased its detection coverage by 61%. The transition from Splunk to Snowflake was completed without disruption.