As enterprise technical infrastructures become more complex, managing them grows increasingly difficult. Protection against the growing problem of cybercrime also remains a key aspect for anyone involved in IT management. Cybersecurity considerations are especially critical for organizations involved in Customer Experience Automation and CRM, such as my company ActiveCampaign.
To ensure our organization had an industry-leading SecOps footprint, I was brought into ActiveCampaign three years ago to develop our security stack and build and lead our team of now 30 security professionals. I currently serve as Vice President, Head of Information Security at ActiveCampaign, and am also a member of the Cybereason Customer Advisory Board (CAB).
That last point lies at the heart of this post, and why I recently chose Cybereason to be the keystone of the ActiveCampaign security stack. Its state-of-the-art features make it the right choice for our needs. With an eye towards helping your company craft its own information security strategy, let’s look more closely at the approach I took for ActiveCampaign.
Building a Security Stack From Scratch
When thinking about my security technology stack, I typically integrate a series of tools to help me in a few key areas: Visibility, Prevention, Detection, and Forensics. Let’s analyze all four:
- Visibility and Coverage: I need to understand what’s happening right now. This includes having complete visibility of everything happening in my environment, across all of our diverse operating systems.
- Prevention of Malicious Executables: I need a failsafe for preventing malicious executables for the cases where staff may fall prey to phishing or other attack vectors where just a click of the mouse can put us at risk. Effective prevention also reduces the burden on my analysts, resulting in fewer items requiring investigation and response.
- Detection and Remediation: Regarding alerts, my team used to get more than we could handle, and none helped us identify an attack in progress. I needed a low signal to noise ratio solution that delivers the full attack story for any incident. This lets me feel confident that my team is only working on real issues instead of trying to sort out a barrage of alerts. I’m then able to quickly determine the blast radius. Ultimately, when it comes time to work with Site Reliability Engineers and DevOps teams to remediate issues, complete and accurate information helps us appropriately respond in a surgical fashion.
- Forensics: I also need to capture all of the available attack telemetry to use in investigations as well as retain it all for extended periods to meet our legal and compliance obligations. Additionally, this intelligence helps us detect and prevent future attacks that use similar TTPs.
Why Choosing Cybereason Made Perfect Sense
When I joined ActiveCampaign, the company had no anti-malware or early detection and response systems/processes. My first point of order involved engaging Cybereason as the keystone of my security stack, along with two other complementary vendors.
My team and I ran a proof of concept comparing Cybereason against one of their top competitors. After this side-by-side comparison, the entire team unanimously agreed that Cybereason was a more effective solution and made a far better fit for ActiveCampaign.
Following that POC, it became clear to me that Cybereason is a no-brainer for cutting-edge technology companies heavily leveraging Linux in their product environments and Macs for employees. Simply put, there is no better EDR solution on the market.
Cybereason’s other industry-leading functionality includes the following:
A Reliable Failsafe
In addition to its extremely robust prevention, detection and forensics capabilities, Cybereason also provides a failsafe we feel very comfortable relying on. The multi-layered AV/NGAV, device controls and EDR capabilities are highly effective at preventing malicious operations when other controls fail.
Highly Intuitive, Optimizing New SecOps Employee Onboarding
I just hired two new security analysts. Due to the intuitive nature of Cybereason, they were onboarded and productive in less than two weeks. They’re performing investigations and doing great based on the success criteria for their role.
In fact, one of the new analysts who came from a massive multinational biotechnology company said, “Wow, I wish I had this at my old job. I used to have to do all this triaging and investigating manually.” So, a side benefit is that Cybereason also improves job satisfaction among my analysts, ultimately making it easier to retain my security talent.
Extremely Low Signal to Noise Ratio
Cybereason’s low signal-to-noise ratio allows analysts to focus on only the most critical incidents. And it takes the guesswork out of remediation with automated and guided response options, making sure that when an event happens, we can respond in real time to reduce any dwell time. When we hear from the Cybereason SOC, there is no question of its importance.
Cybereason also provides a very detailed analysis of every MalOp™ (malicious operation) from root cause across every affected endpoint, user and asset - even our cloud workloads. This gives us the leverage we need to make sure that we can reduce the potential impact from any incident.
Easily Integrates Into Any Highly Automated Cloud Environment
Integrating Cybereason into diverse cloud-based and hybrid environments is simple. The Cybereason sensor is directly embedded into the Amazon Machine Images (AMIs). Every 15 minutes a script runs, ensuring all cloud instances have the Cybereason agent installed. If a cloud instance is found to be missing the agent, a Chef Cookbook automatically installs the agent.
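The 15-minute coverage check described above amounts to reconciling the cloud inventory against the sensors that have checked in. The sketch below is an added example, not ActiveCampaign's script or Cybereason code; the record fields, the one-hour staleness threshold and the sample hosts are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

CHECK_INTERVAL = timedelta(minutes=15)  # interval stated in the post
STALE_AFTER = timedelta(hours=1)        # assumption: tune to the sensor heartbeat

def find_coverage_gaps(instances, sensor_last_seen, now):
    """Compare cloud inventory with sensor check-ins; return gaps by category."""
    gaps = {"missing": [], "stale": [], "pending": [], "untracked": []}
    running = set()
    for inst in instances:
        if inst["state"] != "running":
            continue  # stopped hosts cannot check in, so they are not gaps
        iid = inst["instance_id"]
        running.add(iid)
        seen = sensor_last_seen.get(iid)
        if seen is None:
            # A host younger than one check interval may not have registered yet.
            young = now - inst["launch_time"] < CHECK_INTERVAL
            gaps["pending" if young else "missing"].append(iid)
        elif now - seen > STALE_AFTER:
            gaps["stale"].append(iid)  # installed but silent: stopped or blocked
    # A sensor reporting recently from a host the inventory lacks is a blind spot.
    gaps["untracked"] = [i for i, seen in sensor_last_seen.items()
                         if i not in running and now - seen <= STALE_AFTER]
    return {k: sorted(v) for k, v in gaps.items()}

# Constructed sample data (hypothetical hosts, not real inventory).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

def _t(hour, minute=0):
    return NOW.replace(hour=hour, minute=minute)

INSTANCES = [
    {"instance_id": "i-0a01", "state": "running", "launch_time": _t(9)},
    {"instance_id": "i-0a02", "state": "running", "launch_time": _t(8)},
    {"instance_id": "i-0a03", "state": "running", "launch_time": _t(11, 55)},
    {"instance_id": "i-0a04", "state": "running", "launch_time": _t(6)},
    {"instance_id": "i-0a05", "state": "stopped", "launch_time": _t(6)},
]
SENSORS = {"i-0a01": _t(11, 58), "i-0a04": _t(9, 30), "i-0b99": _t(11, 59)}

if __name__ == "__main__":
    for category, ids in find_coverage_gaps(INSTANCES, SENSORS, NOW).items():
        print(f"{category}: {', '.join(ids) or '-'}")
```

Hosts in `missing` are the ones an automated install step would target; `stale` and `untracked` need a human look because reinstalling does not explain why a sensor went silent or why a host is absent from inventory.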
When it mattered most, Cybereason enabled us to ensure our network was protected. Their agent sent actionable intelligence when any suspect activity on our technical infrastructure occurred.
It’s not always an issue of alert fatigue or false positives vs. true positives. Cybereason provides actionable information to help us make the right decisions when under pressure. This enables us to reduce our mean time to detect and respond. It’s the one tool we consistently rely upon for the actionable and accurate information we need in critical situations.
Every day, I am a Defender. Cybereason gives me the tools and expertise that I need to defend ActiveCampaign’s customers and employees. Ultimately, I would recommend Cybereason to anyone.