Dramatically reduced SIEM costs due to using ExtraHop as the primary data source for security analytics
Real-time security response thanks to rapid, high fidelity insight and an analytics-first SecOps workflow
Complete visibility across all systems and devices with a streamlined method for drilling into threats
For Accolade, providing top-notch service is a top priority. Indeed, it's what the company is known for. Accolade customers experience industry-leading engagement levels, satisfaction scores unseen in healthcare, better clinical outcomes and cost savings of more than 10 percent. A major component of keeping customers happy is ensuring the security of their data.
When Mike Sheward joined Accolade in early 2016, he immediately saw an opportunity to streamline costs and improve the company's IT security posture. At the time, Accolade was using a managed security services provider (MSSP), which had deployed a commercial SIEM offering.
Between the costs of the MSSP and the commercial SIEM, the company was spending approximately $200,000 a year. The team also had extremely limited visibility into the commercial SIEM solution, and depended entirely on the MSSP to monitor the security of their environment.
With ExtraHop and the SIEM we've built around it, our security guys have — at most — two windows they need to look at. One tells them what's going on, the other one tells them what has gone down and how to fix it.
Mike Sheward, Principal Security Architect, Accolade
Working with his security team, Sheward set out to build a security solution that would better serve the needs of the business by keeping costs down and bringing control back in-house. The result of that effort is FortifyHQ, a custom-built SIEM solution hosted on AWS.
FortifyHQ uses wire data from ExtraHop, log data from AWS CloudWatch and CloudTrail, and a third-party authentication platform to provide both real-time visibility and forensic analysis to keep Accolade and its customers ahead of emerging threat vectors. With FortifyHQ in place, Sheward and his team were able to terminate the contract with the MSSP and the commercial SIEM.
By triggering a precise packet capture for suspicious events, and then sending that data to an open-source IDS solution using the ExtraHop Open Data Stream (ODS), Sheward and his team now have real-time intrusion alerting, and the digital evidence needed to investigate incidents, without requiring extensive customization.