Protection against major security incidents
Ability to scale and meet demand
Rapid client onboarding
Defending the financial services industry against cyberthreats with managed security service
ECI, formerly Eze Castle Integration, is a trusted partner to financial services organizations across the globe for managed services, cybersecurity and business transformation. Headquartered in Boston, Massachusetts, ECI has offices across the United States, Europe and Asia.
ECI provides stability, security and improved business performance, freeing clients from technology concerns and enabling them to focus on running their businesses. More than 1,000 customers worldwide with over $3 trillion in assets under management put their trust in ECI.
One of the fastest growing services at ECI is cybersecurity, which clients deploy to protect their operations from increasingly sophisticated threats such as scammers, hackers, and other cyber-criminals. These services allow clients to accelerate and streamline regulatory compliance by providing proof of resilient cybersecurity measures.
Meeting growing demand for security services
The origins of ECI's Security Information and Event Management (SIEM) service, which is based on Elastic, lie in the evolution of the company's own security systems. Previously, different departments at ECI devised their own monitoring and event tracking solutions to meet regulatory compliance requirements, conduct cybersecurity investigations, and help engineers troubleshoot infrastructure issues.
Over time, this created a series of challenges. Each team was managing its own logs from a variety of clients, which resulted in silos of data that were often stored in different formats. Extra effort was then needed to detect suspicious activity, and it was also difficult to guarantee log retention in response to regulatory requirements.
Kamyar Kojouri, Director of Security Operations at ECI, says, "As a managed security service provider (MSSP) and growing business, we needed to ensure effective management of a growing client base and the subsequent infrastructures and logs to monitor."
In response, a team of ECI engineers familiar with Elastic's data search, analysis, visualization, and security capabilities created an Elastic account and assessed the potential of Elasticsearch. In just a few days, a proof of concept was assembled, which included a cluster, agent deployment, log ingestion, and dashboards, and the team at ECI decided to enlist Elastic's support for a complete solution with the flexibility to be productized for clients.
The biggest thing keeping me up at night was event logging and security on our own systems. If we could resolve that, then we could offer it as a product to help clients protect their systems and make the compliance process more efficient.
Elastic quickly understood ECI's goals after a thorough consulting phase. "An Elastic engineer came to our office within just a few days and worked with the team for a full week to help us configure the technology. The most impressive outcome was how fast we were able to turn things around and come up with an ideal product for our own business and that of our clients," said Kamyar.
In addition to professional consultation services from Elastic engineers, Kamyar attributes the success of the project to easy deployment on Elastic Cloud, and on-demand training courses available on Elastic Learning. As a result, ECI moved swiftly from proof of concept to a fully functioning SIEM.
The Elastic training was excellent, especially the mentors and on-demand and virtual in-person training.
Elastic Cloud now makes it easy for ECI to scale and add new customers quickly -- less than two weeks in most cases. Today its SIEM service ingests more than two billion events per day from 130 clients running their systems in a variety of environments such as ECI Cloud, Microsoft Azure, and on-premises at offices and datacenters. Elastic Security transforms these feeds into actionable "threat intelligence" that makes it possible to detect the source and targets of attacks.
Swiftly responding to external threats
In addition, Elastic's popular visualization tool, Kibana, provides a "single pane of glass" for alerts and notifications, as well as critical security functions like incident investigation and threat hunting. ECI offers its clients complete transparency through access to prebuilt Kibana dashboards, to examine activity relating to their business software, and track any irregular behavior — including insider attacks. This transparency is a key differentiator for ECI as is its competitive pricing model.
Elastic also enables the team to respond swiftly to external threats, including major hacking incidents.
Let's say there is a major security breach that impacts a number of organizations, and it's reported in the press. With Elastic we can quickly search all the relevant data of our SIEM clients and reassure them that they are not affected or keep them protected if they are under attack.
Kamyar also highlights the importance of Elastic's cross cluster search functionality, whereby a single search request can be run against one or more remote clusters. "Cross cluster search is really appealing for our clients. We can carve out separate clusters if the client needs them for security or other strategic reasons. But our security operations center (SOC) can still run a threat hunting search across all the clusters from a single node," says Kamyar.
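The cross-cluster search pattern described above, written out as an added example that is not ECI's or Elastic's code: it builds the remote-cluster registration, the alias-prefixed search target and a hunting query in Elasticsearch's documented CCS syntax, then reads the response's _clusters section, because a client cluster that was skipped as unavailable returns no hits and must not be read as "not affected". The cluster aliases, seed hosts, indicator values and the sample response are constructed.

```python
"""Cross-cluster search (CCS) across per-client SIEM clusters.
Added example, not ECI's or Elastic's code. Uses Elasticsearch's documented
CCS conventions: remotes registered as cluster.remote.<alias>, searched as
<alias>:<index>, hits carrying an alias-prefixed _index, and a _clusters
section reporting coverage. Aliases, hosts and the response are constructed."""
CLIENT_CLUSTERS = ["client_a", "client_b", "client_c"]  # constructed aliases

def remote_cluster_settings(seeds, skip_unavailable=True):
    """PUT _cluster/settings body registering each remote. skip_unavailable
    keeps a hunt running when a client cluster is down, so summarize()
    must check which clusters were actually covered."""
    persistent = {}
    for alias, hosts in seeds.items():
        persistent[f"cluster.remote.{alias}.seeds"] = hosts
        persistent[f"cluster.remote.{alias}.skip_unavailable"] = skip_unavailable
    return {"persistent": persistent}

def ccs_target(aliases, index_pattern="logs-*"):
    """Path component for GET <target>/_search spanning every alias."""
    return ",".join(f"{alias}:{index_pattern}" for alias in aliases)

def hunt_query(field, values, since="now-30d"):
    """Query DSL: events in the window whose field matches any given value."""
    return {"size": 100, "query": {"bool": {"filter": [
        {"terms": {field: values}},
        {"range": {"@timestamp": {"gte": since}}}]}}}

def summarize(response, expected_aliases):
    """Hits per cluster, plus whether every expected cluster really answered.
    'No hits' only supports 'not affected' when complete is True."""
    clusters = response.get("_clusters", {})
    hits = {alias: 0 for alias in expected_aliases}
    for hit in response.get("hits", {}).get("hits", []):
        alias = hit["_index"].split(":", 1)[0]  # CCS prefixes _index with alias
        hits[alias] = hits.get(alias, 0) + 1
    # Per-cluster detail exists in newer releases; the counts always do.
    skipped = sorted(a for a, d in clusters.get("details", {}).items()
                     if d.get("status") != "successful")
    complete = (clusters.get("total") == len(expected_aliases)
                and clusters.get("skipped", 0) == 0
                and clusters.get("successful") == clusters.get("total"))
    return {"hits": hits, "complete": complete, "skipped": skipped}

SAMPLE_RESPONSE = {  # constructed: client_c was unreachable and got skipped
    "_clusters": {"total": 3, "successful": 2, "skipped": 1, "details": {
        "client_a": {"status": "successful"}, "client_b": {"status": "successful"},
        "client_c": {"status": "skipped"}}},
    "hits": {"hits": [{"_index": "client_b:logs-2024.05"}]},
}
```

Running summarize(SAMPLE_RESPONSE, CLIENT_CLUSTERS) reports one hit in client_b and complete=False with client_c skipped, so the SOC knows one client still needs to be searched before it can be reassured.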
Dedicated, proactive Elastic Support
Elastic Support also played an important role in the success of the project. On more than one occasion, the Elastic product team reached out to Kamyar to proactively suggest how ECI could take advantage of a new Elastic software release.
"We were having difficulties adding exclusions based on the role-based control of the SOC team. They took the feedback and implemented the change right away. The Elastic team is extremely knowledgeable, and it always feels like we're getting dedicated engineering support," he says.
To further advance its managed security services for clients, ECI is considering deploying real-time threat response technology, machine learning for automation, and a single, unified way to ingest data into the system. XDR (eXtended Detection and Response) is another possible addition for unifying the capabilities of SIEM, security analytics, and endpoint security.