SouthTrust Bank

Initially founded in 1934 in George West, Texas as First National Bank, SouthTrust Bank has grown to serve communities and customers in seven locations in South Texas and Houston. Locally owned and operated, SouthTrust Bank competes with the largest mega-banks and local competitors to provide a wide range of financial services to their customers; dedicated to providing the best possible customer experience.

Seeking an Easy-to-Use, Affordable SIEM for NIST & PCI Compliance

Keith Knisely, Assistant Vice President/IT Specialist at SouthTrust Bank, was in search of a security information and event management (SIEM) solution for the organization to help them meet NIST and PCI DSS compliance regulations and reduce security risks.

“Regulators and internal auditors kept asking us why we didn’t have a SIEM, and if we planned on implementing one,” Knisely said. “With my strong cybersecurity background, I was surprised we didn’t have one. With all of the different systems we have in place, having central log storage and the ability to get reporting from one central location is really crucial.”

Knisely searched the web for different SIEM solutions and followed chatter in online cybersecurity forums that compared Blumira’s solution to QRadar; an IBM SIEM that is better suited to enterprise companies that have large SOC (security operations center) and security analyst teams.

“Others said that Blumira provides a really good bang for your buck; there’s a lot of other features included that other solutions make you pay extra for. The ease of use was appealing as well,” Knisely said. “In our quote, QRadar will include 1 or 2 cloud integrations, but if you want any additional integrations, you have to pay extra. That includes support fees.”

Greater Security Value; Built for Small IT Teams

Aside from the increased complexity and cost, Knisely was seeking out a solution that would work for their team of two full-time IT specialists that handle both IT and security for the organization.

“We didn’t have a SIEM at the time. We were trying to find something we could implement that wasn’t too difficult to configure and made it easy to understand for the less technical people, especially when trying to get buy-in power from our stakeholders,” Knisely said.

SouthTrust Bank’s President and CEO were the ultimate decision-makers, part of their IT steering committee that also included their CFO, CCO and Knisely. The committee looks at the pros and cons of changes they want to make from a technical perspective, determining the type of tools they want to put in place, then exploring the different options available to them.

“We had been working with our MSP and talking about QRadar; we had a demo of QRadar by the MSP,” Knisely said. “Then we set up the free version of Blumira, and within the first 14 hours, had a detection that we probably would never have caught otherwise.”

XDR Demo & Easy Deployment

Knisely was contacted by Blumira to try out the XDR Platform edition and Blumira’s team helped SouthTrust Bank install Blumira Agent on endpoints across their organization.

“That was really positive – we were able to use the information we gathered during that demo to be able to show our steering committee the value we were getting out of Blumira,” Knisely said. “We had another discussion after comparing pricing and decided to choose Blumira. We liked the cost and that it allowed us to have more control.”

The organization’s MSP gave them a quote for IBM’s offering; but Knisely mentioned that the option would give them some visibility but no control over the QRadar solution, which they wanted to be able to see in real-time. While he had experience with other SIEM and security analytics solutions like Splunk and open-source products, they also lacked notifications (ability to detect and alert). Open-source also brought trust issues when it came to the highly regulated financial industry.

Blumira achieved SOC 2, Type II compliance as verified by an independent auditor to ensure the company is preserving the security and integrity of our customers’ data. Our solution helps customers in different industries that must meet different compliance requirements such as NIST and PCI DSS, including:

• One year of data retention
• Centralized system logging
• Daily log review (automated)
• Anomaly detection and response
• Endpoint detection and response
• Ability to contain threats with endpoint isolation technology

Blumira’s ease of deployment and use was a major point of value for their small team.

“Deployment didn’t take long at all – the free trial version took about 20 minutes to implement. When we actually made the purchase and got the SIEM solution with endpoint visibility, it took 5 minutes to deploy Blumira Agent out everywhere,” Knisely said. “I already had all of the Microsoft 365 and Cloud Connectors set up previously. It was very successful and super quick; very, very, easy.”

While other SIEM solutions lack built-in detection rules, Blumira’s platform comes with detection rules automatically rolled out at deployment, and developed, maintained and tuned by a team of incident detection engineers.

“Blumira is really easy to understand – you don’t need a degree to be an expert to operate and understand what the system is doing,” Knisely said. “It provides a lot of value for the cost, including all of the features you get and having one centralized area to send everything to detect very quickly; we can easily track what’s happening, what’s being affected, and how to mitigate. It makes our response time really quick.”