Cimpress improves SOC's maturity, efficiency and cost optimization

BACKGROUND

Cimpress is the parent company of 13 separate printing and marketing businesses, including National Pen, VistaPrint, and PixArt Technologies. Their security team encompasses 30 people spanning four continents and operates 24 hours a day to monitor over 15,000 end users. The
security monitoring group, which handles traditional level one through three monitoring and incident response, is a collection of 13 analysts spread in two different locations. As a relatively
small organization, what would typically be called a level one analyst might be doing level one, level two, and incident response work. Analysts take on a wide range of tasks including vulnerability management, incident response, pen testing, red teaming and application security.

Cimpress uses many different vendors for security operations, including one of the big three cloud providers, traditional large SaaS vendors, and a traditional on-premises security information and event management (SIEM) solution.

CIMPRESS CHALLENGES

• SIEM solution being used didn’t fit Cimpress’ business model
• Lacked security coverage and alert contextualization to help analysts respond to security events
• Traditional technologies unable to keep up with the pace of new custom and short-lived applications
• Analysts suffering from false-positive burnout due to the level of noise in the SOC without context or explanation
• Were wasting human resources on manual investigations that could be automated
• Difficulty in hiring and retaining security professionals with vast experience and knowledge

HUNTERS IMPLEMENTATION
 

Cimpress implemented the Hunters SOC Platform to replace its traditional SIEM. Originally, the deployment process involved quite a bit of work due to the proprietary nature of how data was entered into the previous SIEM. Cimpress re-architected the data pipelines internally so that all
landed into an S3 bucket, from which Hunters pulled out data into the platform.

Cimpress integrated their tools and centralized their security operations with the Hunters platform. By providing a single platform, analysts had access to all the data in one place, without having to pivot between technologies.

THE OUTCOME
 

Cimpress saw immediate results in security incident detection and analyst effectiveness.
During their proof-of-concept with Hunters, their current SIEM was also running with their “best of breed” logic. A security incident had occurred across three business units, and the existing SIEM didn't alert and contextualize the event. Hunters, on the other hand, was able to catch the event. In fact, Hunters' Team Axon reached out directly and provided a report detailing what took place and all the adversarial actions in the environment.

With the traditional SIEM, Cimpress would have canned searches that would have to be run to manually contextualize IP addresses, machines, and events. A lot of manual effort had to be expended to actually tell the narrative of what took place. With the Hunters platform, the incident was laid out in a chronological time frame that was human readable. Being designed for a human to consume meant it could also be easily provided to the leadership team to make informed decisions.

“I would 100% recommend Hunters to my peers. It enables teams to do more with less. We don’t need to manage our SIEM as we did before or babysit alerts and logic. We're now allowed to be security practitioners, look at events, and make meaningful strides to improve maturity, efficiency, and cost optimization.”

John Fung
Former Deputy CISO