By Mikala Vidal on May 21, 2019 1:26:02 PM
GRA Quantum is a global cybersecurity services firm that operates in multiple locations around the world. As a provider of cybersecurity services, GRA Quantum takes the trust of its customers and its security infrastructure very seriously. These things go hand-in-hand when it comes to selecting technology to use and sell. “Most of the tools we sell to our clients are the technologies we use and rely on. We wouldn’t promote anything we hadn’t used or weren’t completely confident in already,” said Tom Boyden, President at GRA Quantum.
GRA, as well as GRA Quantum, use OneDrive for cloud file storage. Both organizations found it difficult to assess file and user activity, and the risks associated with those activities. The security teams could see the logs in the Microsoft Security Center, but found the amount of information overwhelming, and sifting through the logs was a burden on the company’s resources. And when questions or concerns related to OneDrive files came up, the security team was short on answers. There was no easy way to get the data needed to stay well-informed. In an effort to address this challenge, the security team started a free trial of Allure Security.
“I was very impressed at how easy it was to set up an Allure Security account. Once our OneDrive environment was connected, our dashboard started populating immediately. Within a day, we saw that our almost 100 employees accessed OneDrive files more than 1,000 times. This finding alone helped us better prioritize our security investments and resources,” said Antonio Garcia, CISO at GRA.
As the dashboard continued to populate, the security team was even more pleased. Allure didn’t just show them logs that they had to manually investigate; it flagged potential risks and allowed them to drill down into each possible hazard directly from the dashboard to get the critical details they needed to address those risks.
The Allure data loss detection and risk monitoring platform is built to provide a greater understanding of OneDrive use in various locations, given its ability to enrich log activity with geolocation details and provide strategic alerts based on specific criteria. GRA organized its Allure account to issue alerts whenever a document was accessed in a location or region where the company has no office. For other regions, the company arranged for alerts geared more toward informing the security team only when an attempt to access falls outside of the company’s security policy. In these cases, the team sometimes gets “false positives,” but even these warnings can provide beneficial insights and therefore are not a waste of time to investigate. As an example, Allure reported that a GRA administrative assistant working in the United States opened a file in the Philippines. Once the security team was alerted to the unusual activity, a quick phone call confirmed that this person utilized a VPN to access the file.
“It was reassuring to know that Allure was able to detect the activity, and it gave me peace of mind to be able to confirm--quickly—that this wasn’t a sign we were under attack. The craziest part is that I checked in our raw Microsoft logs and the event was incredibly difficult to locate. Allure was able to alert me to activity that would have otherwise been buried,” said Jen Greulich, Director of Managed Security Services at GRA Quantum.
“We personally experienced the benefits of using Allure’s detection and response technology, which inspired us to become a partner and now resell it to our clients. In addition to having great technology, Allure is also a true partner. They are receptive to our product feedback…actually listen to our needs and ideas, and are incorporating some of our suggestions directly into the product.” --- Bart Holzer, Senior Director of Integrated Security Solutions