BACKGROUND

Spotnana, a Travel-as-a-Service Platform based in New York and with a hybrid workforce, faced the challenge of monitoring their environment effectively. With infrastructure running on AWS and a diverse range of tools including SentinelOne, Sysdig, CloudFlare, Jira, G-Suite, and more, Spotnana needed a solution that could provide centralized security operations and streamline their threat detection, investigation and response. 

The security team at Spotnana, consisting of three technical engineers and led by CISO Ashish Popli, sought a platform that could ingest all of their existing data sources into their Snowflake Data Cloud, deliver pre-built detectors for their security telemetry, and correlate alerts so the team could consume actionable insights.


“We didn’t have the time or resources to build the rules ourselves on a SIEM. With minimal work we could connect the data sources into the Hunters platform and start getting value from day 1 with its pre-built detectors and embedded logic.”

Gabriel-Alexandru Necula, Senior Security Engineer
KEY REQUIREMENTS FOR SPOTNANA

  • Doing ‘more with less’: Like most security teams, Spotnana is limited on time and resources, so they lacked the capacity to develop their own rules and use cases on a SIEM. They needed a solution that could provide pre-built detectors and logic for their existing toolset, so the team could focus on the unique use cases of their organization.
  • Avoiding alert fatigue: As a small team responsible for a substantial environment, Spotnana needed a platform that would allow them to efficiently manage their daily queue, prioritizing and accurately alerting them of security incidents without overwhelming them with false positives.
  • Scalability and management of data: Spotnana sought a security operations solution that could scale effortlessly and ensure data availability, relieving them of managing complex and costly on-prem infrastructure.

“Hunters has been very good at correlating alerts and providing us from day one with the enrichment and context required to make better decisions.”

Ashish Popli, CISO

01. Rapid Time-to-Value

Hunters provided Spotnana with pre-built content, including detectors, enrichments, and graph-based correlation across their security stack, enabling them to start deriving value from day one.

02. Efficient alert management

Even with a small team managing the platform, they were able to confidently clean up their daily queue. Since Hunters automatically raises or lowers the risk level of alerts according to severity and likelihood, the team could consume prioritized and contextualized alerts and Attack Stories, which give the full timeline of an incident and facilitate further investigation and response.

03. Comprehensive security monitoring

The platform serves as a single pane of glass for security monitoring, aggregating and correlating alerts from Spotnana’s security toolset and giving them full visibility of their existing coverage. Moreover, the team is able to easily fetch their operational metrics from the platform to report to leadership.

04. Scalable data management

With minimal effort to connect data sources, Spotnana can run Hunters on their own Snowflake Data Cloud, attaining nearly unlimited scalability and effortless management of their security telemetry. They could easily scale from terabytes to hundreds of terabytes without concerns about performance or availability.

“We use Hunters as a single pane of glass for security monitoring, with Snowflake as our data lake. This way we don’t need to worry about scalability or building the data pipelines, storage or infrastructure.”

Gabriel-Alexandru Necula, Senior Security Engineer