BACKGROUND

Upwork is a SaaS platform that allows people to find freelance work in any industry. They specialize in connecting clients with freelancers to afford enterprises more flexibility in their projects, and provide talented freelancers work opportunities.

Upwork’s Cyber Fusion Center is a 24/7 team of security analysts, threat hunters and cyber threat intelligence analysts dedicated to identifying, investigating, and mitigating threats to Upwork and its customers. Upwork's architecture utilizes industry-standard cloud infrastructure, and the majority of their internal and third-party tools are cloud- or SaaS-based applications.

Running a global freelancing platform generates a lot of data, and the high data storage costs of their previous solution resulted in siloed data, poor visibility, and inefficiencies within the security team.



UPWORK'S GOALS

  • Centralize security operations into a single platform 
  • Increase effectiveness of security team by introducing automation into the threat detection, investigation, and response workflow
  • Reduce the cost of data storage and historical log retention

 

KEY CHALLENGES

  • Lack of visibility within the environment due to siloed data sources
  • Different systems being maintained by different teams, leading to duplicative work
  • Inefficient SOC operations and a lack of coordination in investigations 


"Because of Hunters, Upwork has been able to remain threat focused. We've been able to pull away from being alert-focused, going through the daily repetitive task of looking at alerts, doing repetitive investigations. Generally speaking, it transformed the way that we do investigations."

Shawn Chakravarty
Director of Cyber Fusion Center

01

Immediate value

Within weeks, Hunters detected a true positive that was not detected on other monitoring platforms

02

Measurement ability

Introduced metrics like MTTD and MTTR, which Upwork was unable to collect with previous tools

03

Decreased costs

Switching to Hunters and Snowflake lowered the cost of data storage and improved performance

04

Improved analyst experience

Investigations conducted using a single centralized tool, reducing frustration and fatigue

05

Reduced alert fatigue

Allowed the security team to focus only on high-fidelity threats by decreasing noise in the environment

06

Enhanced security posture

Made historical log retention accessible so analysts could investigate past threats made public