Healthcare | Poor AlienVault experience, HIPAA compliance | 600
As a fast-growing company with a startup mentality, a mid-sized healthcare company needed a detection and response solution that acted like an extension of their current team. But they were frustrated by the decline in their existing AlienVault service and solution reliability.
The mid-sized healthcare company turned to Blumira’s cloud security platform to replace AlienVault USM with an affordable, easy-to-deploy and use solution that works out of the box, and includes access to Blumira’s responsive security operations team.
Launched in 2014, this mid-sized healthcare company has grown to serve more than 60,000 members across eight states, with offices in major cities around the world. The size and geographic spread of its operations required a more efficient and effective security operations workflow.
This mid-sized healthcare organization aims to improve health equity, using technology to gather and analyze health data to create personalized care plans, optimize medical outcomes and reduce patient costs.
Having held previous positions at Microsoft and many other large and mid-sized tech companies, the mid-sized healthcare company’s CISO was well-versed in working with different security solutions, each with varying levels of success. When he started at the healthcare company, the organization had AlienVault’s USM (Unified Security Management) system in place to provide log collection and detection capabilities.
“Honestly, it was just frustrating. A lot of security engineers had issues with response times — not only with their customer service, but with running a report,” their CISO said. “Nothing is worse than the spinning wheel to make you pull your hair out. The tool had difficulty loading and it would take two days to run a report – and that’s not an exaggeration.”
The healthcare company has a team of four people to support and manage security for their 100% cloud-native and 100% remote workforce. As CISO (Chief Information Security Officer), he often had to roll up his sleeves and get into the weeds to help out with incident detection and response, as AlienVault offered no additional support for their team.
“[With AlienVault], if you need additional services or features, it’s typically a module they don’t have and you have to pay more for,” their CISO said. “As a CISO, you ask for and establish a budget once a year. You can’t decide midway to get a new feature – that’s not gonna fly.”
The healthcare company replaced AlienVault USM with Blumira’s automated detection and response platform, seeking an all-in-one solution that provided higher value to fit the specific needs of their team and organization.
“We’re a small team under a lot of tight deadlines. We need something out-of-the-box ready that our people could pick up and use seamlessly,” their CISO said. “When an incident is happening, we need quick data — we can’t wait for a spinning wheel.”
Many traditional detection and response solutions, or SIEM (security information and event management) systems, can take up to three weeks for initial setup, and another 3-6 months of writing rules to get operational, according to Blumira Integrations Engineer Nato Riley, who formerly worked at LogRhythm and as a consultant setting up SIEM systems for different organizations.
“We evaluated other solutions like Splunk, but they were too big. We can’t afford it and we don’t have 20 people to help run it.”
After the acquisition of AlienVault by AT&T Cybersecurity, the healthcare company and many other customers reported that the quality of the service began to deteriorate. The healthcare company’s team found value in Blumira’s unique approach to security partnerships with its customers, demonstrating dedication to transparency and customer success.
“There’s truth in Blumira’s pricing — it’s here’s what you get, and you know what you’re in for. There’s zero cost and no need to buy a module to leverage Blumira’s support. They’re an extension of our team, and our trusted partner — they’re invested in getting us to succeed,” their CISO said. “Not like AlienVault, where we were often sitting on hold or sending emails that didn’t get responded to. Phone and email were an add-on with their service. With Blumira, it’s all included.”
Another value-add for the healthcare company’s IT team was the availability and responsiveness of Blumira’s security operations team to assist them with detection and response.
“We’re a small team, we need help. The analyst interaction and monitoring is amazing. That extension of our team made it the easiest sell I’ve had as a CISO for a product,” their CISO said. “It was so easy to compare [Blumira] to other SIEMs and show the value proposition.”
The healthcare company’s small team was able to deploy Blumira, set up integrations with their existing tech stack, including Windows, Active Directory, Linux, Okta, G Suite, Microsoft 365, Cisco Umbrella, Cisco Meraki Firewalls, and Zscaler; and start getting value out of the platform right away. Blumira provides ready-to-go integrations with easy-to-understand documentation that walks customers through setup, as well as a technical account manager (TAM) to help with any additional onboarding support.
“It actually took three days to get Blumira set up and data flowing — that is unheard of; ridiculous. And with that, we had usable data, right away,” their CISO said. “With a four-person team that is busy doing other things, we had a really light lift.”
Writing rules is key to correlating the data pulled into a log collection system and comparing it against attacker behavior patterns in order to identify malicious activity in an organization’s environment. Tuning these rules is how you make sure they don’t send too many false positives to an IT team and overwhelm them with noise – a well-tuned SIEM only alerts on the most important and prioritized threats, keeping IT people focused on what to take action on.
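As an added illustration of what “writing rules” and “tuning” mean in practice (example code written for this page, not Blumira’s detection logic), the block below runs one correlation rule over constructed Windows and Okta logon events: repeated failed logons from one client IP inside a time window, with a later success from that IP raised to a higher priority. The allowlist, threshold and sample addresses are all constructed assumptions; the untuned run fires on the nightly scanner, the tuned run does not.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): Windows and Okta logons
# normalized to (timestamp, source system, user, client IP, success).
EVENTS = [
    ("2024-03-01T02:00:01", "Windows", "alice", "203.0.113.5", False),
    ("2024-03-01T02:00:04", "Windows", "alice", "203.0.113.5", False),
    ("2024-03-01T02:00:07", "Windows", "alice", "203.0.113.5", False),
    ("2024-03-01T02:00:09", "Windows", "alice", "203.0.113.5", False),
    ("2024-03-01T02:00:12", "Windows", "alice", "203.0.113.5", False),
    ("2024-03-01T02:00:40", "Okta", "alice", "203.0.113.5", True),
    ("2024-03-01T09:15:00", "Okta", "bob", "198.51.100.7", False),
    ("2024-03-01T09:15:20", "Okta", "bob", "198.51.100.7", True),
    ("2024-03-01T10:00:00", "Windows", "svc-a", "10.0.0.9", False),
    ("2024-03-01T10:00:01", "Windows", "svc-b", "10.0.0.9", False),
    ("2024-03-01T10:00:02", "Windows", "svc-c", "10.0.0.9", False),
    ("2024-03-01T10:00:03", "Windows", "svc-d", "10.0.0.9", False),
    ("2024-03-01T10:00:04", "Windows", "svc-e", "10.0.0.9", False),
]

# Tuning knob (constructed): the internal vulnerability scanner trips the
# failed-logon rule every night, so findings from it are pure noise.
SCANNER_IPS = {"10.0.0.9"}

def find_suspicious_logons(events, threshold=5, window=timedelta(minutes=10),
                           allowlist=frozenset()):
    """Correlation rule: `threshold` failed logons from one client IP inside
    `window` is MEDIUM priority; a later success from that IP while those
    failures are still inside the window is HIGH. Allowlisted IPs are skipped."""
    findings = []
    recent_failures = {}  # client IP -> failure timestamps still inside window
    for ts, _src, user, ip, ok in sorted(events):
        if ip in allowlist:
            continue
        t = datetime.fromisoformat(ts)
        recent = [f for f in recent_failures.get(ip, []) if t - f <= window]
        if ok:
            if len(recent) >= threshold:
                findings.append(("HIGH", ip, user, "success after repeated failures"))
        else:
            recent.append(t)
            if len(recent) == threshold:
                findings.append(("MEDIUM", ip, user, "failed-logon threshold reached"))
        recent_failures[ip] = recent
    return findings

if __name__ == "__main__":
    print("untuned:", find_suspicious_logons(EVENTS))
    print("tuned:  ", find_suspicious_logons(EVENTS, allowlist=SCANNER_IPS))
```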
“The tuning by Blumira is incredible. It’s a huge lift and saves us a lot of cycles. The team was like — wow, it’s working and it’s running,” their CISO said. “With Blumira, it’s like valet vs. parking your own car.”
As a CISO, he also found value in the intuitive usability of Blumira’s platform, designed for IT teams and non-security experts.
“[Blumira] has a great UX/UI. We can walk in without being an engineer, as it’s well laid-out with threat levels, an audit trail of how to respond, playbooks on what to do, plus another set of eyes on our environment. It’s easy to use late at night or by a non-security person, and a third-party SOC can jump in here and know what to do and who to reach out to. It’s so easy, a CISO can use it,” their CISO said.
The heavy lift that Blumira’s platform does for the healthcare company saves time, resources and security personnel, while consolidating the capabilities of many different SIEM, detection and response systems into one platform.
“With the traditional SIEM experience, we would need a full team to run it. If I need something from the company, by the time I get my answer, the fiscal year is over. If you need to maximize your budget, then Blumira is the solution.”
Compared to AlienVault, it was easy for their CISO to justify the budget for Blumira’s platform.
“I can go to the board with the full value proposition of Blumira and their all-in-one package — included are things like a honeypot, instant integrations, responsive service. The price was very attractive compared to AlienVault as well,” their CISO said.
When it comes to compliance, the healthcare company is bound by HIPAA, the Health Insurance Portability and Accountability Act that regulates and protects patient data in the healthcare industry. A “business associate” is HIPAA terminology for a person or entity that performs activities involving the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. The healthcare company is considered a healthcare vendor under HIPAA, providing insurance services.
“Now that we have switched to being a business associate, a lot of companies are coming to [our healthcare company] to do security assessments. As a CISO, I can jump in and get the reporting they request; it really does keep us compliant to have that evidence on hand,” their CISO said.
Blumira provides the information and security services needed to help meet the healthcare industry compliance requirements for customers and our customers’ clients.