GoFundMe Accelerates Incident Response and Closes Visibility Gaps with Panther

Eric Jolly, GoFundMe’s Security Operations Lead, knew that it was time for a new solution. With the previous tools in their stack, the team faced visibility gaps and found it hard to define custom detections and create new alerts. Eric heard about Panther from another engineer on the team and was immediately drawn in by the out-of-the-box value Panther delivered: pre-written detections, easy data onboarding, and powerful data lake search features.

Illuminating GoFundMe’s Security Environment 

Working with a decentralized security event management solution had previously left the team with fragmented data sets that made it difficult to detect and respond to threats. Eric felt that their existing solution was more of an infrastructure tool than a security tool, and that it lacked the key security workflows they needed to monitor their logs and act on alerts. The first priority for a new solution was to immediately improve visibility into their infrastructure and security event logs.

By onboarding their key data sources into Panther, GoFundMe quickly improved its security posture by gaining comprehensive visibility in one platform. Panther’s native integrations with those sources and its budget-friendly, ingestion-based pricing made it straightforward to start onboarding their most important event logs.

There’s already been multiple times where we’ve made use of logs that we would not have had access to if we did not move on to Panther and start onboarding all of these sources.

Eric Jolly

Security Operations Lead

Enhancing Alert Workflows with Accountability and Efficiency 

GoFundMe’s previous alert workflow relied heavily on manual work: analysts had to run searches and investigate alerts by hand. This approach made it challenging to manage the growing number of security alerts effectively. By implementing Panther, the team’s alert workflows became more streamlined, enabling them to easily assign, track, and resolve incidents. The platform’s alert queue and assignment features improved accountability and ensured that security incidents were addressed promptly.

Panther’s search features, such as the summary views, delivered faster investigations when responding to alerts. Having all of their security events in a normalized data lake now means they can more easily find the data they are looking for.

Search has been really useful for generating a set of data. When I have something in mind, I can build it easily and get something back pretty quickly when I’m investigating an alert.

Eric Jolly

Security Operations Lead

GoFundMe’s new, streamlined alert and incident response workflows improved the security team’s operational efficiency and productivity. The platform’s automated alert assignment and tracking features reduced manual effort and enabled the security team to prioritize and resolve incidents more efficiently.

Leveraging Advanced Detection Capabilities to Reduce False Positives 

One of the main challenges GoFundMe was facing before deploying Panther was the limited detection capabilities of their existing tools. Their previous solution required them to build everything from scratch, resulting in a significant time investment. Panther’s advanced detection capabilities, including both Python-based custom detections and out-of-the-box Detection Packs, helped GoFundMe to quickly improve their threat detection accuracy and reduce false positive alerts. For critical data sources, the Detection Packs were especially valuable in providing immediate threat coverage. Features like rule filters in Panther enable the team to easily tune and iterate on out-of-the-box detections, creating a cycle of continuous improvement. 

One of the big advantages with Panther is having a library of built in rules, and the fact that new ones are coming out pretty frequently. It takes that burden off of us to create our own. Whereas in our previous tools, that’s entirely up to us to create those rules and those alerts, and that is a significant time requirement.

Eric Jolly

Security Operations Lead 

Using Panther’s advanced detection capabilities and customization options, GoFundMe successfully reduced the number of false positive alerts in their queues. With no-code rule filters, the security team can easily customize Panther’s pre-written detections to meet their environment’s unique needs and keep false positive alerts low. The GoFundMe team also makes heavy use of Enrichment, using custom Lookup Tables to add key context to their detections, cutting down investigation times and false positive alerts even further.
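The tuning pattern described above (a Python detection, a filter that narrows which events are evaluated, and a lookup table that adds context), shown as an added example that is not GoFundMe’s or Panther’s own code. The `rule(event)`/`title(event)` shape follows Panther’s Python detection convention; the CloudTrail fields are real, while the lookup table contents, the `rule_filter` helper and the `enrich` helper are constructed stand-ins for Panther’s Lookup Tables and no-code rule filters.

```python
"""Panther-style CloudTrail detection tuned with a filter and a lookup table."""
import ipaddress

# Constructed stand-in for an enrichment Lookup Table: CIDR -> label.
# In a real deployment this context would come from Panther's Lookup Tables.
KNOWN_EGRESS = {
    "203.0.113.0/24": "corp-vpn-egress",
    "198.51.100.0/25": "office-hq",
}


def enrich(event):
    """Return the lookup-table label for the event's source IP, or None."""
    ip = event.get("sourceIPAddress")
    if not ip:
        return None
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # malformed or missing IP: treat as unknown source
        return None
    for cidr, label in KNOWN_EGRESS.items():
        if addr in ipaddress.ip_network(cidr):
            return label
    return None


def rule_filter(event):
    """Stand-in for a no-code rule filter: only successful console logins
    reach the rule at all, so failures and other API calls never alert."""
    return (
        event.get("eventName") == "ConsoleLogin"
        and (event.get("responseElements") or {}).get("ConsoleLogin") == "Success"
    )


def rule(event):
    """Alert on a console login without MFA from a source not in the table."""
    if not rule_filter(event):
        return False
    if (event.get("additionalEventData") or {}).get("MFAUsed") == "Yes":
        return False
    # Enrichment removes the noisy case: logins from known egress points.
    return enrich(event) is None


def title(event):
    """Alert title carrying the user and source, as Panther's title() does."""
    user = (event.get("userIdentity") or {}).get("userName", "unknown")
    return f"Console login without MFA by {user} from {event.get('sourceIPAddress')}"
```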

Panther has matured our workflows in a lot of ways. In terms of threat detection and alerting it’s allowed us to standardize, and it’s even helped with SOC2 in some ways. Panther has helped us in investigations that became incidents; it’s a great tool for investigating those vulnerabilities. It’s been beneficial to us in so many ways.

Eric Jolly

Security Operations Lead

Challenges
  • Lacking visibility into their key security logs like CloudTrail and GCP
  • Using decentralized alert workflows and manual processes
  • Relying on limited detection capabilities and challenges in rule customization

Solution
  • Ingesting all critical security event logs into Panther
  • Streamlining alert workflows with alert queues, statuses, and assignments
  • Tuning out-of-the-box detections with rule filters and Python edits

Results
  • Centralized security event visibility that sped up investigations and response times
  • Enabling greater accountability in alert response workflows, driving up resolution rates
  • Reduced false positive alerts with improved alert accuracy and customized detections
