“Sumo has taken our security game to the next level. It’s allowed me to get some time back in my day to explore other avenues in the realm of security that allow us to only strengthen our stance.”

Owen Dubiel - Information Security Engineer, North American Bancard

North American Bancard

Challenge

Founded in 1992, North American Bancard (NAB) is a leading payments technology provider committed to helping businesses grow through innovations in credit card processing, eCommerce, mobile payments, backend business solutions and other merchant services for some of the biggest global brands like Starbucks, Honda and British Petroleum. NAB’s 1300 employees help process over $45 billion in transactions annually.

As a tech company in the finance space, NAB deals with mass amounts of sensitive financial information and is a target for cybersecurity attacks. Working closely with other departments like compliance and operations, the SOC team at NAB required a SIEM solution for threat intelligence and investigation.

NAB Director of Cloud Security, Aaron Weaver, and Information Security Engineer, Owen Dubiel, were in pursuit of a cost-effective SIEM that could reliably ingest log data, provide prioritized and contextualized threat alerts, allow for custom processes and enable their SOC team to focus on high-value security functions.

First, they tried Splunk, a provider that Dubiel had used in the past. Splunk proved unwieldy in size and resource requirements for NAB’s small SOC team. They had to do a ton of manual work like updating ingestors in the Splunk backend, an issue that they didn’t expect from a cloud solution. Additionally, Splunk’s pricing was incompatible with their long-term data ingestion requirements.

They then ran a proof of concept (POC) with Securonix. Impressed with the POC, they found the experience drastically different in production. Like with Splunk, they had to manually set up data collectors as certain workflows weren’t baked into Securonix. Data ingestion would sometimes stop for days—a big red flag. They had to constantly spend time ensuring the data they needed was consistently ingested, which was counterproductive.

Despite hesitations due to their unfortunate experience with two major providers, the SOC team at NAB continued searching for a SIEM solution that could meet their security needs.
Solution

NAB’s SOC team evaluated and decided to adopt Sumo Logic’s Cloud SIEM after a successful proof of concept.

Facing a tight compliance deadline during the POC stage, the NAB team immediately saw value in Sumo Logic and its main goal of empowering modern SOC teams. The POC allowed them to use a SIEM for its purpose: automatically detect threats, triage alerts, and efficiently perform threat hunting and investigation workflows.

They swiftly flipped Cloud SIEM into production. Ingesting data into Sumo Logic was quick, seamless and reliable. NAB’s need for highly customized processes is also compatible with Sumo Logic’s API-first approach, allowing them to build integrations that truly serve their security workflows.
Results

From the onset, North American Bancard harnessed the power of analytics and automation in Cloud SIEM to drive their daily security operations and mitigate risk.

Reliable, efficient, cost-effective data ingestion

Having struggled with data collection and ingestion with other SIEMs, NAB’s experience with Sumo Logic finally allowed them to focus on triaging alerts and addressing threats.

Sumo Logic’s CloudFlex pricing model also allows NAB to stay within budget. With their multiple subsidiaries and sister entities, NAB ingests massive amounts of data—a pain cost-wise with other SIEMs that use a flat pricing model.

“I think any business would appreciate Sumo’s pricing model. If we’re bringing data into Cloud SIEM and there’s actual correlation happening, there’s a certain rate there. But if you have use cases where, ‘Hey, I just need to store this data for a year,’ then that’s a different rate. We’re not forced to leave out data that could be valuable in detection,” said Dubiel.