The customer is the second largest premium wine and spirits distributor in the United States, with over 7000 employees and operations in various locations across the United States.
The business is subject to an increasingly broad array of attacks, both sophisticated and simple, which, if successful, could immensely damage the brand and reputation of the business. The ecosystem of tools used by the security team had grown in an ad-hoc manner. As a result, the team's efforts to detect, investigate and respond to attacks were mired in the extra work required to stitch together the disconnected alerts. Without a wire data analytics tool in place, they were restricted to using shallow information from systems, devices, users and applications.
Simultaneously, their field of vision was narrowing as Android, iPad and iPhone devices - uninstrumented by endpoint monitoring agents - were increasingly used to access critical business applications and data. The team had no way to quantify how big their blind spots were and could not identify threats lurking beyond their field of vision.
The combination of alert noise, shallow data and weakening visibility meant the risk of a brand-damaging incident was reaching unacceptable levels.
Corvil met and exceeded the team’s requirements for a single solution with broad visibility across their environment, analytics for alert prioritization, and deep network content inspection to simplify forensic investigation.
Our platform captures, decodes, analyzes and enriches network data in real-time, across all connected devices, including matching activities against current threat intelligence. The breadth of visibility, including communications from non-Windows devices such as Android, iPad, and iPhone, enabled them to understand the scope of their endpoint coverage gaps and identify threats posed by suspicious activities conducted by uninstrumented systems.
The depth of information provided by Corvil, down to the payload details of application communications, empowered the team to efficiently investigate diverse cyber threats. It minimized the manual effort required to inspect and validate attacks, including those that bypass more traditional security controls.
Our analysis and data enrichment powered correlated views of multiple attack indicators for every host, device and operating system - which met their need to dramatically simplify alert prioritization and triage. Our ability to correlate observed activities with user accounts exceeded their expectations and enabled them to retrospectively identify the scope of the attack and covertly track compromised user accounts in real-time. As a result, the accuracy and effectiveness of their response was significantly improved.
With Corvil, the security team can:
With the productivity gains from using Corvil for alert prioritization and deep forensics, the security team is working to fully integrate Corvil with the rest of their security ecosystem. They plan to leverage the extended visibility Corvil provides by streaming our high value, low volume data into their SIEM. They are also identifying specific endpoint security workflows that can be automated by using shared data and analysis to trigger protective actions.