
Customer Story: Enhancing Security at AdvantageCS with Blumira Solutions

Written by Thu Pham | Jul 15, 2021 1:47:00 AM
Industry: Technology
Driver: SaaS cloud security
Company Size: 100

Challenge

Security is important to the AdvantageCS mission to ensure their managed SaaS product isn’t an attack surface for their clients’ data stored in their cloud environment.

Solution

AdvantageCS chose Blumira over other providers like Rapid7 and Arctic Wolf to help secure client data in the cloud and for its ease of deployment, responsive support and fine-tuned alerts. They were able to realize security value quickly with Blumira’s platform designed to reduce alert fatigue and deploy in hours.

Blumira is a great solution — we didn’t have to spend six months on the tool to get it set up correctly. We were able to deploy quickly, not get flooded with alerts, and the team is really responsive when we need more help.

Matt Varblow
VP of Engineering Services


AdvantageCS

Founded in 1979, AdvantageCS develops software for publishers and membership organizations as a trusted partner of many of the world’s leading information companies. As a software and services organization, security is important to AdvantageCS and their mission to help clients connect customers to their content and organize their environments and information.

The Challenge: Securing Cloud Data & Services

“We want to make sure our service isn’t an attack surface,” VP of Engineering Services Matt Varblow said. “The managed SaaS version of our product needs to be secure, as we host client data in one of our cloud environments.”

Their internal IT team works to manage AdvantageCS’s Microsoft 365 application and servers, tackle help desk tasks, ensure equipment is working correctly, maintain infrastructure and keep everything up to date. Wearing many hats and fulfilling different roles, the IT team is also responsible for security and firewall management.

The Solution: Easy Deployment; No More Alert Fatigue

As part of their overall internal security strategy, they went to NetWorks Group for a penetration test and received a recommendation for a SIEM (security information and event management) tool to get more insight into their network.

“One thing we were concerned about with SIEMs is the struggle with getting the rules set up just right so we’re not getting inundated with alerts or spending a lot of time looking through logs,” Varblow said. “Blumira is a great solution because you take care of a lot of that for us — we didn’t have to spend six months on the tool to get it set up correctly. We were able to deploy quickly, not get flooded with alerts, and the team is really responsive when we need more help.”

AdvantageCS evaluated several other SIEM and detection and response providers, including Arctic Wolf, ManageEngine, SumoLogic, LogPoint and Rapid7’s InsightIDR. Ultimately, they decided on Blumira’s cloud security platform for its ease of deployment, ease of management and overall out-of-the-box security value. Blumira’s dedicated Solutions Architect (SA), Dave Begley, was on standby to help them through the onboarding process.

“After the initial phone call and a follow-up, we had 90% of our applications and machines up and running at that point,” System Administrator and Network Engineer Allen Grunas said.

The AdvantageCS IT team was able to integrate Blumira’s platform easily with their Microsoft 365, WatchGuard firewalls, Windows Server, and their wireless Ruckus system. In a comparison of 12 different SIEM, detection and response vendors on G2, Blumira was found to be five times faster than the average solution to implement fully.

The responsiveness of Blumira’s Security Operations (SecOps) team also meant that false positives were quickly identified, reported to AdvantageCS and tuned out of the detection rules.

“Blumira added a new detection for malicious PowerShell activity. It flagged some activity in our environment. Blumira’s SecOps team immediately jumped on, saw that the scripts were legitimate activity coming from the Microsoft System Center monitoring agents, notified us that the alert was a false positive and that they had updated the detection rules for us,” Varblow said.

Detecting Password Attacks & Microsoft 365 Policy Changes

After their penetration test, they had a password spraying incident that Blumira’s platform detected, alerting the AdvantageCS team so they could address it. Password spraying is a brute-force technique in which an attacker pairs a single password with many different usernames, testing the combinations across multiple accounts in order to gain access to one of them (such as a VPN, cloud service or other application account). Because each account sees only one or a few failed attempts, the attacker stays below lockout thresholds and per-account failed-login detections, which would otherwise call attention to the activity.

When Blumira detects this form of brute-force attack, you are alerted quickly to an attacker attempting to authenticate to your environment, activity that can lead to data compromise, a breach or a potential ransomware infection. The platform provides remediation next steps in the form of a playbook that walks you through how to address the finding and block the threat.
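To make the detection logic concrete, here is an added example (not Blumira’s own rule, and not code from AdvantageCS) that runs a spray check over a constructed sign-in failure log: it looks for one source that fails against many distinct accounts inside a time window while keeping each account under the lockout threshold, and it deliberately does not fire on a source hammering a single account, which a classic per-account lockout already catches. The log line format, the IP addresses and usernames, and the thresholds are all assumptions for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in log for this example; the format is assumed, not Blumira's or M365's.
SAMPLE_LOG = """\
2021-07-15T01:00:05Z src=203.0.113.5 user=alice result=FAILURE
2021-07-15T01:00:09Z src=203.0.113.5 user=bob result=FAILURE
2021-07-15T01:00:14Z src=203.0.113.5 user=carol result=FAILURE
2021-07-15T01:00:20Z src=203.0.113.5 user=dave result=FAILURE
2021-07-15T01:00:26Z src=203.0.113.5 user=erin result=FAILURE
2021-07-15T01:00:31Z src=203.0.113.5 user=frank result=FAILURE
2021-07-15T01:00:02Z src=198.51.100.7 user=grace result=FAILURE
2021-07-15T01:00:40Z src=198.51.100.7 user=grace result=FAILURE
2021-07-15T01:01:15Z src=198.51.100.7 user=grace result=FAILURE
2021-07-15T01:02:03Z src=198.51.100.7 user=grace result=SUCCESS
"""


def parse_line(line):
    """Turn one 'ts key=value ...' line into a dict with a parsed timestamp."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_password_spray(log_text, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {source: sorted usernames} for every source that failed against at least
    min_users distinct accounts within one window while never exceeding max_per_user
    failures on any single account (the lockout-evading pattern described above)."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event["result"] == "FAILURE":
            failures[event["src"]].append(event)

    findings = {}
    for src, events in failures.items():
        events.sort(key=lambda e: e["ts"])
        for i, first in enumerate(events):  # slide a window anchored at each failure
            in_window = [e for e in events[i:] if e["ts"] - first["ts"] <= window]
            per_user = defaultdict(int)
            for e in in_window:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[src] = sorted(per_user)
                break  # one finding per source is enough for an alert
    return findings
```

In the constructed log, 203.0.113.5 touches six accounts once each and is reported, while 198.51.100.7 fails three times on one account and is left to the per-account lockout and brute-force rules.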

On a daily basis, Blumira also gives AdvantageCS insight into changes to their Microsoft 365 security or mail groups within their organization to help them determine if it’s a planned event or an anomalous action they need to investigate further. A mail-enabled security group is a distribution list that can also be used to control access to OneDrive and SharePoint. Modifications of these groups and/or users in them may indicate attacker behavior, and Blumira provides guidance on how to proceed after an event is found.

“Having an analysis of what happened and how we should respond readily available is huge, as it allows us to respond more quickly,” Varblow said.

When it comes to reporting, AdvantageCS liked that they had another repository for their security data that they can access and know has not been tampered with or compromised by an attacker attempting to cover their tracks.

“Blumira has allowed us to quickly and affordably implement a SIEM tool which was a key piece of our security infrastructure that was missing before,” Varblow said.