Tealium Elevates its Security Operations with Panther

Panther is an adaptive SIEM. It’s not like other solutions, where you dump logs in, and they just sit there forever. With Panther, we get to adapt based on what we see in the logs. We get to derive more information from Panther that helps us adapt our detections to be more effective.

Donald Scherer

Director of Security

Budget-Friendly Data Ingestion

Tealium, a leader in data orchestration, faced challenges with its previous SIEM solution. The prior tool limited both how much data could be ingested and how it could be analyzed. As a result, the security team lacked complete visibility into Tealium's environment, creating blind spots where threats could go undetected.

One of the reasons Tealium selected Panther was its auto-scaling and cost-effective data ingestion. With Panther's scalable architecture, Tealium could bring more logs into its SIEM environment without an excessive price increase.

By switching to Panther, Tealium achieved a 9x increase in data ingestion, gaining broader visibility into its threat landscape. This significant increase in coverage allowed the security team to analyze and respond to a far more comprehensive range of security events than was possible previously. The increase in data ingestion strengthened Tealium’s security posture and allowed the team to proactively make data-driven decisions to protect their environment.

Shifting From Rearview to Real-Time

Before migrating to Panther, Tealium's prior solution ran scheduled queries instead of real-time analysis, so detections only fired after the next query interval. This delay created a "rearview" approach to security, making the security team reactive rather than proactive and leaving Tealium potentially exposed to time-sensitive incidents that were not yet detected.

Panther's real-time detection capabilities enable Tealium to implement dynamic, immediate alerting. With rules and logic evaluated as each event arrives, the team can detect potential threats as they occur rather than after the fact, applying detection rules to incoming data for signals such as failed logins, anomalous user behavior, or indicators of a breach.

The shift to real-time detection also cut false positive alert volume, in some severity classifications by as much as 70%. This reduction allows the team to focus on meaningful alerts without spending hours filtering out noise, decreasing alert fatigue and enabling them to prioritize and address critical security concerns faster and more effectively.

Unlocking the Ability to Identify Targeted “Needle in a Haystack” Events

As soon as we were on the platform and able to start writing in code that we were familiar with, it was easy to start customizing detections. There are a lot of great examples already written in the documentation, and that jumpstarted us. With the included detections, we were 80% of the way there. Then all we needed to do was apply what we knew about what we are looking for.

Jason

Security Engineer

Tealium’s previous security tool lacked the precision and customization capabilities to identify particular “needle-in-the-haystack” events—rare yet critical security signals hidden within a high volume of other data. For example, Tealium wanted to identify unusual login attempts on their IDP system that originated from unfamiliar IPs. Advanced detections like this were difficult or impossible to run on the previous platform, limiting the team’s ability to detect specific targeted threats.

Panther provides Tealium with correlation capabilities, allowing the team to create custom detections tailored to their unique needs. This flexibility empowers Tealium to design detection logic specific to their security environment, including monitoring unique events like failed logins from unusual locations and role-switching behaviors across cloud accounts. The correlation capabilities allow them to build complex, multi-layered detections to pinpoint risky activities otherwise lost within the more extensive data set. With Panther, Tealium’s security team can deploy highly tuned detections to pick up on targeted events that their previous solution would have missed.
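The "failed login on the IdP from an unfamiliar IP" detection described above, written out as an added example in the Python rule shape Panther uses (`rule(event)` returning a bool, `title(event)` naming the alert). This is not Tealium's or Panther's own code. Assumptions: field names follow Okta's System Log schema (`eventType`, `outcome.result`, `actor.alternateId`, `client.ipAddress`); the cut-off `MIN_SUCCESSES` for calling an IP "prolific" is invented; the baseline of prolific IPs is computed in-process from the constructed sample and passed to `rule` as a second argument, whereas a deployed rule would read it from a lookup table or a scheduled query and receive Panther's event object rather than a plain dict.

```python
"""Panther-style detection: failed IdP login from an unfamiliar source IP.

Added example, not Tealium's or Panther's code.  Field names follow Okta's
System Log schema (eventType, outcome.result, actor.alternateId,
client.ipAddress); every event below is constructed for illustration.
"""
from collections import Counter

LOGIN_EVENT = "user.session.start"
MIN_SUCCESSES = 3  # assumed cut-off for an IP to count as "prolific"


def deep_get(event, *keys, default=None):
    """Walk nested dict keys; stands in for Panther's event.deep_get()."""
    cur = event
    for key in keys:
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def build_prolific_ips(events, min_successes=MIN_SUCCESSES):
    """IPs with at least min_successes successful logins.

    In a deployed rule this baseline would come from a lookup table or a
    scheduled query over a lookback window rather than from the live stream.
    """
    counts = Counter(
        deep_get(ev, "client", "ipAddress")
        for ev in events
        if ev.get("eventType") == LOGIN_EVENT
        and deep_get(ev, "outcome", "result") == "SUCCESS"
    )
    return {ip for ip, n in counts.items() if ip and n >= min_successes}


def rule(event, prolific_ips):
    """Fire only on a failed login whose source IP is not in the baseline.

    Panther's rule(event) takes a single argument; the baseline is passed in
    here so the example runs stand-alone.
    """
    if event.get("eventType") != LOGIN_EVENT:
        return False
    if deep_get(event, "outcome", "result") != "FAILURE":
        return False
    return deep_get(event, "client", "ipAddress") not in prolific_ips


def title(event):
    return "Failed IdP login for {} from unfamiliar IP {}".format(
        deep_get(event, "actor", "alternateId", default="<unknown user>"),
        deep_get(event, "client", "ipAddress", default="<unknown ip>"),
    )


def run_detection(events):
    """Evaluate every event against the baseline; return alert titles."""
    prolific = build_prolific_ips(events)
    return [title(ev) for ev in events if rule(ev, prolific)]


def _login(user, ip, result, reason=None):
    ev = {"eventType": LOGIN_EVENT, "outcome": {"result": result},
          "actor": {"alternateId": user}, "client": {"ipAddress": ip}}
    if reason:
        ev["outcome"]["reason"] = reason
    return ev


# Constructed sample: two well-used office egress IPs, one IP seen only once,
# then two failures and one non-login event on which the rule must not fire.
SAMPLE_EVENTS = (
    [_login("alice@example.com", "203.0.113.10", "SUCCESS") for _ in range(3)]
    + [_login("bob@example.com", "198.51.100.7", "SUCCESS") for _ in range(3)]
    + [_login("carol@example.com", "192.0.2.55", "SUCCESS")]
    + [_login("alice@example.com", "203.0.113.10", "FAILURE", "INVALID_CREDENTIALS")]
    + [_login("bob@example.com", "192.0.2.55", "FAILURE", "INVALID_CREDENTIALS")]
    + [{"eventType": "user.account.update_password",
        "outcome": {"result": "FAILURE"},
        "actor": {"alternateId": "alice@example.com"},
        "client": {"ipAddress": "192.0.2.55"}}]
)

if __name__ == "__main__":
    for alert in run_detection(SAMPLE_EVENTS):
        print(alert)
```

Of the two failed logins in the sample, only the one from 192.0.2.55 produces an alert: that IP has a single prior success, below the assumed threshold, so it is "unknown" rather than "prolific", while the failure from 203.0.113.10 is suppressed. The password-change event from the same unfamiliar IP is ignored because the rule is scoped to login events. A useful next step in the same rule would be to lower the threshold or drop the baseline check entirely for privileged accounts.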

Moving Forward with Panther

By migrating away from an inflexible and high-cost solution, Tealium’s security team can now confidently and proactively protect its environment. With real-time detection and advanced correlation capabilities, the team has transformed its approach, monitoring more of its security data, gaining invaluable insights into potential threats, and addressing them before they escalate.

Challenges

  • The previous solution's high costs capped data ingestion and limited visibility into security logs, creating blind spots for undetected threats
  • Only having access to scheduled queries put everything in the rearview and slowed down MTTD
  • A lack of flexible detection logic and correlations in the prior solution made finding targeted "needles in the haystack" difficult

Why Panther

  • Auto-scaling, cost-effective data ingestion
  • Real-time detection rules
  • Python-based detections with built-in correlation capabilities

Results

  • Increased data ingested by 9x, expanding visibility into the environment
  • Reduced false positive alert volume in some severity classifications by as much as 70%
  • Deployed highly targeted, customized detections that monitor for niche but significant events, such as a failed login on the IDP system from an unknown IP rather than a prolific one
