BACKGROUND

Netgear is a computer networking company that turns ideas into innovative networking products that connect people and power businesses.

With an ever-growing volume of data being generated across cloud, network, endpoint, mobile, and more, Netgear set out to implement a SaaS-first, cloud-first cybersecurity strategy that could handle the amount of data being captured by the enterprise. The SIEM solutions the company had used created inefficiencies in its SOC and generated noisy signals that were delivered to analysts without context. These earlier solutions also required a massive time investment for configuration and resulted in high data storage costs.

Netgear has been able to completely replace their SIEM with Hunters SOC Platform and Snowflake’s data lake, achieving higher efficiency, increased use case coverage, and a predictable data cost model.

NETGEAR'S GOALS

  • Move from a reactive to a proactive and predictive approach to security
  • Increase the focus on detection and response rather than on managing and maintaining multiple tools
  • Adopt a cloud-first security strategy that aligns with the business strategy
  • Ingest and analyze cloud-scale data, in a cost-effective manner that works for security analytics, incident investigation and forensics


KEY CHALLENGES

  • Without effective prioritization, untenable alert volumes generated too much noise from false positives, leading to analyst fatigue and missed incidents.
  • Difficulties hiring and training talent to write detection rules for new cloud and SaaS data sources led to a data coverage gap.
  • Lack of correlation and context, caused by the inability to integrate all of the data sources into the SIEM tool.
  • Analysts were spending more time than necessary on manual investigation and on connecting the dots to understand each alert.
  • Inability to retain data for a sufficient duration, which is crucial for timely detection, response and forensics.


"We can now finally focus on threats across the entire attack surface using one single interface, which has led to faster incident response."

Pallavi Damle
VP Enterprise Security

01

Greater incident clarity

Using a centralized SOC platform that automatically correlates and contextualizes data sources, the team no longer had to deal with noisy alerts and false positives.

02

Faster incident response

Automated attack stories saved analysts the time normally spent manually gathering evidence across different sources to piece together an attack timeline.

03

Reduced alert fatigue

Dynamically scored and prioritized alerts are presented on a single interface, dramatically aiding alert triage.

04

Improved forensic investigations

Moving to a centralized, "always-hot" data model allowed for full visibility into historical data for forensic investigations.

05

Relieved manual workload

A heavy emphasis on automation eliminated the time the security team spent on data ingestion and processing, as well as on threat detection, investigation, and response.

06

Minimized management overhead

Switching from their on-premises solution meant no more time wasted maintaining it: configuring, tuning, patching, and so on.