Increased value of cybersecurity activities
Automated day-to-day infrastructure maintenance, allowing engineers to focus on higher-level security activities by using Elastic.
Improved platform flexibility
Ingesting and transforming data from multiple sources and adapting quickly to security requirements with Elastic.
Enhanced app deployment
Quickly developing and deploying apps with Elastic on Google Cloud.
With Elastic Security on Elastic Cloud, this Global Rideshare Company better protects its data and cuts development time and maintenance resources by 80%
A large aspect of this Global Rideshare Company’s image as an innovative technology business relies on its ability to shield the organization from cyber attacks. A team of engineers, led by the Cyber Defense Platform Lead at Global Rideshare Company, enforces its cybersecurity measures.
To understand the threats facing the business at any given time, their team must collect log data from multiple databases, analyze suspicious behavior, and block malicious actors. However, in the past, the company’s cyber defense platform was not in an optimal state.
We were using a security solution that lacked a user interface and the ability to visualize data. This made it extremely difficult to understand data sequences and event timelines, which are essential for threat detection and remediation.
The right cybersecurity tools for the job
The team set out to revamp its cybersecurity platform and built a prototype solution on a laptop using Elastic. They called in the Elastic team to run a threat hunting workshop to test overall detection capabilities as well as how Elastic performed against the company’s internal ‘Red Team,’ whose job is to constantly probe its cyber defenses in hopes of proactively identifying potential vulnerabilities.
With the previous system, they couldn’t thwart the Red Team’s activities. But with Elastic, they spotted the Red Team’s malicious activity for the first time. Having built this proof of concept, they quickly gained approval for Elastic to be deployed as the company’s principal security solution.
The Elastic Security deployment includes a server-side data processing pipeline, which ingests and transforms logs from multiple sources before sending them to a search and analytics engine. Data visualization dashboards also play a vital role, enabling its technicians to monitor systems and identify the root cause of an attack so that it can be prevented at the source.
Their cybersecurity team chose to deploy Elastic Security on Google Cloud for consistency with other components within its threat detection stack. Google Cloud also provides an agile environment where new applications can be spun up and deployed quickly in response to the fast-moving cybersecurity landscape.
Building out our Elastic Security solution on Google Cloud means that we no longer need to focus on the day-to-day maintenance of our security environment. Our developers can spend more time working on the application layer where they can deliver the greatest value to the business.
Lowering maintenance, increasing threat detection accuracy
Since the company deployed Elastic Security, the time needed to develop new detection rules has fallen from 10 working days to just two. The company has also been able to lower the amount of resources needed to maintain its security platform from 2.5 engineers to 0.5.
The accuracy of threat detection has also tripled. "By tripling the accuracy of our threat detection capabilities, we’re not only protecting the infrastructure but also building authority and trust throughout the organization. Employees are far more responsive to notifications and protocols than they were before," says the Cyber Defense Platform Lead.
A solution for business security and growth
Elastic Security enabled the company to prevent multiple threats to its systems, including denial-of-service attacks. "Elastic ensures that we can identify when security incidents take place and remediate them before there is a significant impact to the business," says the Cyber Defense Platform Lead. They also stress the quality of support their company receives from Elastic.
The working relationship with Elastic has been phenomenal. The team is constantly in communication to understand our needs and make sure we have everything necessary to protect our data.
They are confident that Elastic has the flexibility to adapt to new threats and support the strategic direction of the company into the future. “Mergers and acquisitions are an important part of our growth strategy. Elastic gives us the flexibility to ingest ever-growing volumes of data from pretty much any source,” they say. The technology is also reaching a wider audience within the company, with the Abuse and Fraud, Global Investigations, and Insider Threat teams all using Elastic Security to build their own systems and dashboards to monitor criminal and unauthorized behavior.