BACKGROUND

Solaris Group is a leader in the field of Banking-as-a-Service, offering a comprehensive platform of banking services to companies in the digital and financial services industries. Through its innovative approach, Solaris empowers its clients to provide their own customers with access to a wide range of banking services, enabling them to focus on their core competencies while leaving the complexities of the financial sector to the experts at Solaris.

As a financial services enterprise operating in the highly regulated DACH region, it is especially important for Solaris to maintain a robust cybersecurity program. With a large attack surface, heavy regulatory oversight, and membership in a highly targeted industry, a security incident can cause devastating damage, both to business outcomes and to consumers.

When Pranav Vattaparambil, VP of Cybersecurity at Solaris, joined the team, he found that their SOC had been struggling with the same issues he had seen throughout his years of experience in security engineering. As a growing company, Solaris faced data volumes that grew faster than their legacy SIEM solution could support. The team experienced further inefficiencies due to the lack of visibility from siloed data sources, as well as a lack of out-of-the-box detectors and insufficient correlation between multiple log sources.

To address these issues, Solaris sought a tool that would enable them to leverage the power of a data lake for both security and non-security purposes, while automating manual labor for their analysts and engineers. With Hunters SOC Platform, Solaris was able to replicate their previous SIEM's use cases and rule sets, easily ingest their data into their data lake, and generate investigation timelines using Hunters SOC Platform's automated detection, investigation, and correlation features.
SOLARIS GROUP'S DETECTION ENGINEERING GOALS

  • Introduce a security tool that leverages a data cloud to handle cloud-scale streaming of security logs and improve security engineering efficiency.
  • Comply with financial industry regulations, including long-term data retention, at a sustainable cost while maintaining a strong security posture.
  • Reduce mean time-to-detect (MTTD), mean time-to-respond (MTTR), and dwell time to improve security incident response.
  • Gain full visibility into the environment by integrating all relevant data sources, including custom threat intelligence feeds, into the SOC platform to enhance threat detection capabilities.
  • Eliminate the burden of threat detection and correlation from the SOC analyst workflow to allow them to focus on higher-value tasks.
KEY CHALLENGES

  • Legacy SIEM not equipped to support rapidly growing data volumes and unable to scale with the needs of the security engineering team.
  • Overworked security engineers drowning in false positives, detection rule writing, and manual investigation work, leading to burnout and inefficiencies.
  • Inability to integrate all needed data sources into the previous SIEM solution, resulting in blind spots and reduced visibility into the environment.
  • Other SIEM solutions on the market involved costly proprietary data storage models instead of utilizing Solaris’s existing data warehouse, adding unnecessary expenses and complexity.


“As the Cybersecurity leader at Solaris, my goal is to create a secure and inviting environment for my employees and users, with the aim of making life easier for my cybersecurity engineers and analysts.

We have achieved this through the utilization of Hunters, a platform that provides us with automated threat detection capabilities. This has enabled us to make a considerable impact in reducing our mean time to detect, dwell time, and mean time to respond.

Not only has this improved our overall security posture, it has also allowed my engineers to enjoy a streamlined, more enjoyable work life. The use of Hunters has enabled us to accelerate our response to potential threats, and this has allowed us to stay ahead of the game when it comes to cybersecurity.”

Pranav Vattaparambil
VP Cybersecurity

01 Reduced manual rule-writing

Hunters SOC Platform's built-in detectors enabled security engineers to stop writing detection rules, saving hours daily and improving their work-life balance.

02 Data consolidation

Running Hunters on their own Snowflake data lake instance improved collaboration between previously siloed teams by centralizing data storage in one place.

03 Custom data feed ingestion

Hunters' ingestion capabilities enable Solaris to connect all data sources, including their own curated threat intelligence feeds and banking-specific log sources.

04 Sustainable cost structure

Solaris was able to ingest their data at a sustainable cost, thanks to the power of the Snowflake Data Cloud, without needing to be selective about data sources.

05 Stronger security posture

Solaris's improved security posture withstands scrutiny within a highly regulated and micromanaged industry.

06 Out-of-the-box correlation

Switching from their on-premises solution eliminated the need for engineers to spend time on maintenance, configuration, tuning, and patching.