St. George's University
Learn how St. George's University reduced false positives by replacing their more complicated legacy SIEM with the Anvilogic platform.
Reduced false positives by replacing their more complicated legacy SIEM with Anvilogic
Complete MITRE ATT&CK coverage across several techniques where there was none previously
3X as fast in rolling out new detection rules with the Anvilogic Detection Armory
Goals
- Develop metrics and reporting to proactively identify areas of growth and business risks
- Reduce time spent building and deploying detections to quickly address threats
- Improve the efficiency of the team and tools to enable proactive security work
Challenges
- Difficulty scaling a small security team with a global footprint to stay ahead and tackle security threats
- Inability to apply version control on many custom correlation rules
- Saddled with doing more reactive security with fewer resources rather than developing a security awareness culture
Challenges
To address the widespread security challenges that come with protecting the information of a global network of alumni, students, and faculty, Jason and his team did what most organizations do: they adopted a SIEM. However, upon implementation, they found that their SIEM lacked helpful, actionable out-of-the-box correlation rules, and the rules it did have were noisy.
In addition, adopting new detections required additional research to identify which ones they should run in their environment, with no clear way of knowing whether they had the data sources those detections needed, and each deployment required an admin. As a result, the SGU SOC team deployed only custom correlation rules, which brought its own challenges because their SIEM lacked version control: any changes made to an original rule were lost unless someone recorded them in a notebook or shared document.
Enter Anvilogic
The SGU SOC team turned to the Anvilogic Modern SOC platform to scale themselves and become more proactive in their day-to-day activities. The overall deployment ran smoothly because of Anvilogic’s integration with SGU’s SIEM and logging platform. In addition, the Anvilogic Detection Armory allowed SGU to quickly deploy new detections based on trending threats, so the team spends less time researching the latest threats. “With Anvilogic, you’re already doing the work of curating these searches for us, which is a huge time saver,” says Jason. Since implementing detections from the Armory, SGU is now 3x more efficient in deploying new detection rules. The team can deploy and adjust detections with speed and accuracy while retaining visibility into every change, thanks to version control.
Moreover, by leveraging Anvilogic’s machine learning-based recommendations for detections, the SGU SOC team now has higher confidence in, and ownership of, the detections they run, without relying on admin privileges or unprecedented wait times. As a result, Jason says his team can spend more time on higher-value activities: “My team and I do a lot of non-technical security work like developing policies, IT access management, compliance [and] that means communicating with other teams to help find better processes together. But we can’t do that unless we unbury ourselves from a ton of alerts that aren’t important and stick to more threat-based scenarios.” Anvilogic enables the SGU SOC team to focus on more proactive work such as developing policies, shaping the business culture to be more cyber aware, and collaborating across different groups to ensure the protection of SGU’s alumni, students, and faculty.