BACKGROUND
This US-based manufacturing company operates a global network of connected infrastructure and technology assets, serving millions of users. Their cybersecurity team is lean but experienced, responsible for safeguarding both traditional IT and operational technology (OT) environments.
In their search for a modern SIEM, the Director of Cybersecurity and Privacy prioritized a platform that could work with their existing cloud-first data lake strategy. Their previous vendor-hosted SIEM restricted visibility and ownership, making it difficult and costly to manage data retention, disposal, and ingestion.
“Most organizations end up retaining data forever, including customer data. That’s a big pain point from both a cost perspective and a management perspective.”
Director of Cybersecurity and Privacy, US-based manufacturing company
KEY CHALLENGES
- Rigid vendor control over data
  Their previous solution stored security data externally, limiting flexibility and creating a costly dependency for data access, retention, and disposal.
- Manual integrations for new data sources
  The previous SIEM required building custom connectors, slowing the pace of onboarding new telemetry and increasing engineering overhead.
- Staffing gaps and alert fatigue
  With a small team, even temporary absences (e.g., during vacation periods) made it difficult to keep up with alert triage and investigation workloads.
- Lack of real-time response capability
  Without fast, accurate threat correlation, analysts were left to manually stitch together context, limiting the speed and confidence of their decision-making.
“We can’t automate everything... so we look to our partners to help us reduce false positives, fine-tune the platform, and reduce the noise.”
Director of Cybersecurity and Privacy, US-based manufacturing company