Correlating threat intel offers a real leg up on data security
When approaching security analytics and incident response, Public Service Credit Union faced various challenges with resources, such as log retention, data storage, administration and man hours.
“We needed a solution that made sense for our environment, satisfied our requirements, addressed our challenges, but also enhanced our capabilities,” said PSCU Vice President of Information Technology Carlos Vazquez. The $2.3 billion Lone Tree, Colo.-based PSCU turned to DefenseStorm, a cloud-based cybersecurity solutions firm in Seattle. In addition to proactive monitoring, Vazquez explained that DefenseStorm provides access to real-time threat intelligence, which allows PSCU to conduct timely forensic analysis.
“By taking advantage of 24/7 event monitoring, correlating with other threat intelligence sources, while having the ability to create alerts from any system, we have been able to utilize the solution far beyond our initial use case,” said Vazquez.
PSCU took a “phased roll-out approach” that involved a discovery process of “identifying all of our systems from which we would like to see events,” said Vazquez, initially focusing on critical systems and network infrastructure.
“We then realized the solution was highly scalable and decided to include any endpoint that is connected to the network and was supported. One of the immediate benefits was establishing a baseline for our traffic,” he continued. “With a baseline, we could then identify an anomaly that may result in a security incident.”
Vazquez said that would have been difficult prior to implementation due to the sheer amount of data at stake. The new approach earned the credit union a 2017 Best Practices Award.
Additionally, DefenseStorm set up alerts concentrated on anomalies and helped the credit union identify alerts that are used in best practices or are unique to PSCU, and determine how to prioritize them based on severity.