July 29, 2021 | 3 minute read
As enterprise technical infrastructures become more complex, managing them grows increasingly difficult. Protection against the growing problem of cybercrime also remains a key aspect for anyone involved in IT management. Cybersecurity considerations are especially critical for organizations involved in Customer Experience Automation and CRM, such as my company ActiveCampaign.
To ensure our organization had an industry-leading SecOps footprint, I was brought into ActiveCampaign three years ago to develop our security stack and build and lead our team of now 30 security professionals. I currently serve as Vice President, Head of Information Security at ActiveCampaign, and am also a member of the Cybereason Customer Advisory Board (CAB).
That last point lies at the heart of this post, and why I recently chose Cybereason to be the keystone of the ActiveCampaign security stack. Its state-of-the-art features make it the right choice for our needs. With an eye towards helping your company craft its own information security strategy, let’s look more closely at the approach I took for ActiveCampaign.
When thinking about my security technology stack, I typically integrate a series of tools to help me in a few key areas: Visibility, Prevention, Detection, and Forensics. Let’s analyze all four:
When I joined ActiveCampaign, the company had no anti-malware or early detection and response systems/processes. My first point of order involved engaging Cybereason as the keystone of my security stack, along with two other complementary vendors.
My team and I ran a proof of concept comparing Cybereason against one of their top competitors. After this side-by-side comparison, the entire team unanimously agreed that Cybereason was a more effective solution and made a far better fit for ActiveCampaign.
Following that POC, it became clear to me that Cybereason is a no-brainer for cutting-edge technology companies heavily leveraging Linux in their product environments and Macs for employees. Simply put, there is no better EDR solution on the market.
Cybereason’s other industry-leading functionality includes the following:
In addition to its extremely robust prevention, detection and forensics capabilities, Cybereason also provides a failsafe we feel very comfortable relying on. The multi-layered AV/NGAV, device controls and EDR capabilities are highly effective at preventing malicious operations when other controls fail.
I just hired two new security analysts. Due to the intuitive nature of Cybereason, they were onboarded and productive in less than two weeks. They’re performing investigations and doing great based on the success criteria for their role.
In fact, one of the new analysts who came from a massive multinational biotechnology company said, “Wow I wish I had this at my old job, I used to have to do all this triaging and investigating manually.” So, a side benefit is that Cybereason also improves job satisfaction among my analysts, ultimately making it easier to retain my security talent.
Cybereason’s low signal-to-noise ratio allows analysts to focus on only the most critical incidents. And it takes the guesswork out of remediation with automated and guided response options, making sure that when an event happens, we can respond in real time to reduce any dwell time. When we hear from the Cybereason SOC, there is no question of its importance.
Cybereason also provides a very detailed analysis of every MalOp™ (malicious operation) from root cause across every affected endpoint, user and asset - even our cloud workloads. This gives us the leverage we need to make sure that we can reduce the potential impact from any incident.
Integrating Cybereason into diverse cloud-based and hybrid environments is simple. The Cybereason sensor is directly embedded into the Amazon Machine Images (AMIs). Every 15 minutes a script runs, ensuring all cloud instances have the Cybereason agent installed. If a cloud instance is found to be missing the agent, a Chef Cookbook automatically installs the agent.
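The coverage check described above can be sketched as a reconciliation between the cloud inventory and the sensors that are actually reporting. This is an added example, not ActiveCampaign's or Cybereason's script: the record fields, the boot grace period, the staleness threshold and all sample data are assumptions constructed for illustration, and the resulting gap list is what would be handed to the configuration-management run.

```python
from datetime import datetime, timedelta, timezone

CHECK_INTERVAL = timedelta(minutes=15)  # cadence stated in the post
BOOT_GRACE = timedelta(minutes=5)       # assumption: time a new instance needs to bootstrap

def find_coverage_gaps(instances, sensors, now):
    """Return {instance_id: reason} for running instances without a healthy agent.

    instances: list of {"id", "state", "launched"} from the cloud inventory (hypothetical shape)
    sensors:   {instance_id: last check-in time} exported from the EDR console (hypothetical shape)
    """
    gaps = {}
    for inst in instances:
        if inst["state"] != "running":
            continue                      # stopped or terminated hosts are not gaps
        if now - inst["launched"] < BOOT_GRACE:
            continue                      # still booting; evaluated again next cycle
        last_seen = sensors.get(inst["id"])
        if last_seen is None:
            gaps[inst["id"]] = "missing"  # never reported: agent absent
        elif now - last_seen > 2 * CHECK_INTERVAL:
            gaps[inst["id"]] = "stale"    # reported once, silent for two cycles
    return gaps

def orphaned_sensors(instances, sensors):
    """Sensors reporting from hosts the inventory does not know about."""
    known = {inst["id"] for inst in instances}
    return sorted(set(sensors) - known)

# Constructed sample data (not real hosts).
NOW = datetime(2021, 7, 29, 12, 0, tzinfo=timezone.utc)
INSTANCES = [
    {"id": "i-aaa", "state": "running", "launched": NOW - timedelta(days=3)},
    {"id": "i-bbb", "state": "running", "launched": NOW - timedelta(hours=2)},
    {"id": "i-ccc", "state": "running", "launched": NOW - timedelta(minutes=2)},
    {"id": "i-ddd", "state": "terminated", "launched": NOW - timedelta(days=9)},
    {"id": "i-eee", "state": "running", "launched": NOW - timedelta(days=1)},
]
SENSORS = {
    "i-aaa": NOW - timedelta(minutes=1),
    "i-eee": NOW - timedelta(minutes=50),
    "i-zzz": NOW - timedelta(minutes=2),
}

if __name__ == "__main__":
    for host, reason in find_coverage_gaps(INSTANCES, SENSORS, NOW).items():
        print(f"{host}: agent {reason}, queue for install/repair")
    print("sensors with no inventory record:", orphaned_sensors(INSTANCES, SENSORS))
```

Treating a silent agent as a gap matters as much as a missing one: an instance whose sensor was installed from the image but has stopped checking in is unprotected from a detection standpoint.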
When it mattered most, Cybereason enabled us to ensure our network was protected. Their agent sent actionable intelligence when any suspect activity on our technical infrastructure occurred.
It’s not always an issue of alert fatigue or false positives vs. true positives. Cybereason provides actionable information to help us make the right decisions when under pressure. This enables us to reduce our mean time to detect and respond. It’s the one tool we consistently rely upon for the actionable and accurate information we need in critical situations.
Every day, I am a Defender. Cybereason gives me the tools and expertise that I need to defend ActiveCampaign’s customers and employees. Ultimately, I would recommend Cybereason to anyone.
Chaim Mazal is the Vice President of Information Security at ActiveCampaign, where he oversees the information security organization, including security operations, security product engineering, information technology, and risk and compliance teams. Prior to joining the ActiveCampaign team, Chaim built security programs at two of the highest valued SaaS startups in Chicago, Uptake and Avant. Chaim has created multiple SaaS-specific security programs using his expertise in offensive security to secure fast-paced high-growth environments. Chaim is actively involved in the information security community. He is a lifetime member and contributor to the OWASP Foundation and currently sits on several advisory boards, including Cybereason and Bugcrowd, two multi-billion dollar SaaS security companies.