Large Distributor Provides Broad Visibility for Forensic Investigation

Corvil Security Analytics gives the distributor's security team broad visibility across its environment and simplifies forensic investigation.

Challenge

Investigations Became Mired in the Additional Effort to Locate and Access Message Payload Details

  • Impossible to effectively prioritize triage of the riskiest threats because they were inundated with a multitude of uncorrelated alerts from across their environment
  • Growing number of threat detection coverage gaps as employees were using an increasing number of uninstrumented, non-Windows devices on the network
  • Investigations became mired in the additional effort to locate and access message payload details related to specific events or specific machine-to-machine communications

Solution

Corvil Met and Exceeded the Team’s Requirements for a Single Solution with Broad Visibility Across their Environment

  • Focus on the most important threats first by correlating multiple attack indicators for rapid prioritization
  • Eliminate blind spots by observing communications from devices without agents installed, which identifies instrumentation coverage gaps
  • Detect threats even within existing instrumentation coverage gaps by matching observable device activities against risk factors indicated by threat intelligence feeds
  • Obtain visibility into threats by site location or other network categorization to classify high-risk vs low-risk attack sites
  • Rapidly validate and triage detected threats with payload information unavailable in other tools
  • Streamline investigations by accessing message payload details directly from the event being inspected
  • Rapidly determine the lateral spread of a threat and develop effective containment strategies with user activity tracking

Results

Future Plans For Corvil

With the productivity gains from using Corvil for alert prioritization and deep forensics, the security team is working to fully integrate Corvil with the rest of their security ecosystem. They plan to leverage the extended visibility Corvil provides by streaming our high-value, low-volume data into their SIEM. They are also identifying specific endpoint security workflows that can be automated by using shared data and analysis to trigger protective actions.


About the Customer

Large Distributor

The second largest premium wine and spirits distributor in the United States, with over 7000 employees and operations in various locations across the United States.



"Corvil has provided us with unique visibility and enabled accelerated triage, ultimately helping us to more effectively protect ourselves from the sheer quantity and variety of risks that now exist for any modern business."