GoFundMe Accelerates Incident Response and Closes Visibility Gaps with Panther

Eric Jolly, GoFundMe’s Security Operations Lead, knew that it was time for a new solution. Relying on previous tools in their stack, the team was facing visibility limitations and challenges including defining custom detections and creating new alerts. Eric heard about Panther from another engineer on the team and he was immediately drawn in by the out-of-the-box value Panther delivered with pre-written detections, easy data onboarding, and powerful data lake search features. 

Illuminating GoFundMe’s Security Environment 

Working with a decentralized security event management solution had previously led to fragmented data sets that created difficulty in detecting and responding to threats. Eric felt like their current solution was more of an infrastructure tool than a security tool and that it was missing key security workflows they needed to better monitor their logs and action alerts. The first priority with a new solution was to immediately improve their visibility into their infrastructure and security event logs. 

By onboarding their key data sources into Panther, GoFundMe quickly improved its security posture by gaining comprehensive visibility in one platform. Panther’s native integrations with their key sources and budget friendly, ingestion-based pricing made it straightforward to start onboarding their most important event logs. 

Enhancing Alert Workflows with Accountability and Efficiency 

GoFundMe’s previous alert workflow relied heavily on manual input with analysts having to manually run searches and investigate alerts. This approach made it challenging to effectively manage the growing number of security alerts.  By implementing Panther, the team’s alert workflows became more streamlined, enabling them to easily assign, track, and resolve incidents. The platform’s alert queue and assignment features improved accountability and ensured that security incidents were addressed promptly.

Leveraging Panther’s comprehensive search features like the summary views delivered faster investigations when responding to alerts. Having all of their security events in a normalized data lake now means that they can more easily find the data they’re looking for.  

GoFundMe’s new, streamlined alert and incident response workflows improved the security team’s operational efficiency and productivity. The platform’s automated alert assignment and tracking features reduced manual effort and enabled the security team to prioritize and resolve incidents more efficiently.

Leveraging Advanced Detection Capabilities to Reduce False Positives 

One of the main challenges GoFundMe was facing before deploying Panther was the limited detection capabilities of their existing tools. Their previous solution required them to build everything from scratch, resulting in a significant time investment. Panther’s advanced detection capabilities, including both Python-based custom detections and out-of-the-box Detection Packs, helped GoFundMe to quickly improve their threat detection accuracy and reduce false positive alerts. For critical data sources, the Detection Packs were especially valuable in providing immediate threat coverage. Features like rule filters in Panther enable the team to easily tune and iterate on out-of-the-box detections, creating a cycle of continuous improvement. 

Using Panther’s advanced detection capabilities and customization options, GoFundMe successfully reduced the number of false positive alerts in their queues. Leveraging the ability to apply no-code rule filters the security team can easily customize Panther’s pre-written detections to meet their environment’s unique needs and keep false positive alerts low. The GoFundMe team also makes heavy use of Enrichment, utilizing custom Lookup Tables to add key context to their detections, cutting down investigation times and false positive alerts even further.