Customer Story: Erinapp | Blumira

Written by Thu Pham | Oct 2, 2024 2:59:40 PM
Industry: Tech - Software
Driver: SOC 2 Compliance
Company Size: 35

The Challenge

Erinapp needed an easy-to-use SIEM solution to monitor their AWS infrastructure and to meet SOC 2 compliance.

The Solution

With Blumira's easy-to-use, cloud-delivered SIEM platform, Erinapp was able to meet SOC 2 requirements while leveraging detection rules managed by Blumira, taking the burden off of their small team. 


Erinapp

Founded in 2018, ERIN's employee referral and internal mobility software platform increases employee referral hires for non-desk and corporate employees by 5x and decreases turnover by 50%. With ERIN, employees can seamlessly track their employee referrals, track bonuses and rewards, earn points for activity, and share referral links on social media.

Seeking a SIEM For SOC 2 Compliance

As COO, Dave Hannan runs many teams – customer success, renewals, sales ops, and more – and wears many hats, including IT and information security. Erinapp was working through a SOC 2 (System and Organization Controls) audit, which required a security information and event management (SIEM) system.

Requirement CC2.1: COSO Principle 13—The entity obtains or generates and uses relevant, quality information to support the functioning of internal control.

  • Captures Internal and External Sources of Data—Information systems capture internal and external sources of data.
  • Processes Relevant Data into Information—Information systems process and transform relevant data into information.

SOC 2 reports cover five trust services criteria: security, availability, processing integrity, confidentiality, and privacy. Security (the common criteria, which include CC2.1) is the only one required in every SOC 2 examination; the other four are added as the organization's services warrant. Certified public accountants act as the external auditors who evaluate the controls and issue the report, which demonstrates an organization's ability to protect its clients' data.

A SIEM captures data from internal and external system sources, processes it, and turns the relevant data into meaningful information, which directly supports the CC2.1 requirement above.

As the main purchasing decision-maker, Dave and his team spent a good part of a summer searching for a SIEM solution and trialing different products, including Splunk, Microsoft Sentinel, AlienVault, LogRhythm and more, but failed to get any of them operational.

“We chose Blumira for its easy setup as the simplest SIEM solution available. We don’t have any in-house IT infrastructure and run a serverless setup on AWS. Many solutions we evaluated don’t have native integrations with our tech stack and require a log forwarder to run on a VM,” Hannan said.

The ease of use and the flexible pricing model – annual contracts, priced per seat rather than by the volume of data ingested – also appealed to Hannan when compared to other SIEM providers.

“Blumira has a startup-friendly pricing model and is easy to set up, use, and maintain, with no additional infrastructure required – it’s the only one on the market that meets those needs,” Hannan said.

Erinapp leverages Blumira’s native integration with AWS to help continuously monitor their cloud infrastructure.

“We use AWS and GuardDuty, but what’s the point of logging if no one has the time to review those logs consistently?” Hannan said. “Blumira flags numerous events in AWS and, for example, when a new IAM role is created or modified, we immediately receive an alert. This allows us to quickly investigate whether it was intentional or not.”

Amazon GuardDuty is AWS's managed threat detection service; it continuously analyzes sources such as CloudTrail events, VPC Flow Logs and DNS logs for malicious activity and unauthorized behavior against AWS accounts, workloads, and data stored in Amazon S3. Forwarding GuardDuty findings into Blumira makes them actionable alongside other log sources and easy to aggregate across multiple AWS accounts.
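The IAM role alert Hannan describes can be expressed as a small rule over CloudTrail records: flag any API call that creates a role or changes what it can do or who can assume it, unless the caller is a known deployment principal. The Python below is an added example written for this page; it is not Blumira's detection rule or Erinapp's configuration. The event list, the trusted deployer ARN and the sample records are all constructed for illustration.

```python
import json
from dataclasses import dataclass
from typing import Iterable, List

# IAM API calls that create a role or change its permissions or trust policy.
# This list is an assumption made for the example, not Blumira's rule set.
ROLE_CHANGE_EVENTS = {
    "CreateRole", "DeleteRole", "UpdateRole", "UpdateRoleDescription",
    "UpdateAssumeRolePolicy",            # changes who may assume the role
    "AttachRolePolicy", "DetachRolePolicy",
    "PutRolePolicy", "DeleteRolePolicy",
    "PutRolePermissionsBoundary", "DeleteRolePermissionsBoundary",
}

# Principals whose role changes are expected (e.g. the deploy pipeline).
# Hypothetical ARN; keep a real list short and reviewed.
TRUSTED_PRINCIPALS = {
    "arn:aws:sts::111122223333:assumed-role/ci-deploy-role/github-actions",
}


@dataclass(frozen=True)
class Finding:
    event_time: str
    event_name: str
    role_name: str
    actor: str
    source_ip: str
    outcome: str  # "succeeded" or "denied"


def detect_role_changes(records: Iterable[dict],
                        trusted=TRUSTED_PRINCIPALS) -> List[Finding]:
    """One Finding per IAM role create/modify call not made by a trusted principal.

    Denied attempts are kept on purpose: an unexpected principal trying to
    rewrite a role's trust policy is worth a look even when IAM refused it.
    """
    findings = []
    for rec in records:
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue
        if rec.get("eventName") not in ROLE_CHANGE_EVENTS:
            continue
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        if actor in trusted:
            continue
        params = rec.get("requestParameters") or {}
        findings.append(Finding(
            event_time=rec.get("eventTime", ""),
            event_name=rec["eventName"],
            role_name=params.get("roleName", "?"),
            actor=actor,
            source_ip=rec.get("sourceIPAddress", ""),
            outcome="denied" if rec.get("errorCode") else "succeeded",
        ))
    return findings


# Constructed CloudTrail-style records (not real log data). Only the fields the
# detector reads are included; real records carry many more.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2024-09-30T14:02:11Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateRole", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dave"},
     "requestParameters": {"roleName": "lambda-exec-new"}},
    {"eventTime": "2024-09-30T14:05:40Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachRolePolicy", "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ci-deploy-role/github-actions"},
     "requestParameters": {"roleName": "lambda-exec-new",
                           "policyArn": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"}},
    {"eventTime": "2024-09-30T14:06:02Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListRoles", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dave"},
     "requestParameters": None},
    {"eventTime": "2024-09-30T14:09:55Z", "eventSource": "iam.amazonaws.com",
     "eventName": "UpdateAssumeRolePolicy", "sourceIPAddress": "192.0.2.44",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/contractor-tmp"},
     "requestParameters": {"roleName": "admin-break-glass"}},
    {"eventTime": "2024-09-30T14:10:30Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dave"},
     "requestParameters": {"roleArn": "arn:aws:iam::111122223333:role/lambda-exec-new"}},
]})


def findings_from_json(blob: str) -> List[Finding]:
    return detect_role_changes(json.loads(blob)["Records"])


if __name__ == "__main__":
    for f in findings_from_json(SAMPLE_CLOUDTRAIL):
        print(f"{f.event_time} {f.event_name} role={f.role_name} by {f.actor} "
              f"from {f.source_ip} ({f.outcome})")
```

Run against the sample, the rule produces two findings: the CreateRole by the human user and the denied UpdateAssumeRolePolicy attempt; the CI pipeline's AttachRolePolicy, the read-only ListRoles and the STS AssumeRole are ignored. In a serverless AWS estate the same logic would run from a CloudTrail delivery trigger rather than over a file, and the trusted-principal allowlist is what keeps a rule like this from paging on every deploy while still catching a role change made by hand.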

“I mostly love that Blumira maintains detection rules – unlike Splunk and Datadog, where once the trial is set up, you are left having to figure out what to do,” Hannan said. “That is difficult without a full-time team of engineers that know what to build and how to set it up.”

The value that Blumira provides for Erinapp includes a platform that helps extend the capabilities of their small team, automating manual security tasks. Behind the scenes, Blumira’s many different teams keep the platform updated and operating smoothly:

  • Parsing and building new integrations – Our engineering team writes new parsers for integrations, maintains existing ones, and normalizes and standardizes the data for threat analysis.
  • Writing clear and useful documentation – Our CX team maintains easy-to-follow documentation to help IT teams with quick setup, detection tests, configuration and much more.
  • Managing detections and threat hunting – Blumira's Incident Detection Engineering team develops detection rules and threat hunts at scale, with updates pushed to the platform automatically.
  • Keeping the platform reliable and scalable – Our engineers ensure the reliability of the solution and maintain the backend infrastructure so it runs without interruption day to day.
  • 24/7 responsive security support – Our responsive, experienced Security Operations (SecOps) team is on standby 24/7 for critical priority issues.

“We like that we don’t have to worry about the maintenance of it; it’s there, we know it’s working, and we don’t have to spend a ton of time monitoring it,” Hannan said. “We have a peace of mind knowing there’s a tool digging through our logs, looking for anomalies. It’s helpful for small companies that don’t have a full-time security person on staff.”