How Jumio Streamlined Data Onboarding and Built High-Fidelity Alerts with Panther

Jumio: A Leader in Identity Verification

Jumio is an identity verification company that validates customers for mobile and web transactions. Leveraging advanced technology including automation, biometrics, AI/machine learning, liveness detection and no-code orchestration with hundreds of data sources, Jumio helps organizations fight fraud and financial crime, onboard good customers faster and meet regulatory compliance including KYC and AML. Jumio has secured more than one billion transactions across a range of industries, including financial services, gaming, travel, and healthcare.

Prior to looking for a SIEM solution, Jumio relied on a paid managed service provider. The team was disappointed by the opaque nature of the service and wanted to bring control over their security monitoring in-house. To do so, Mo Imran, Jumio’s Head of Threat Detection and Response, wanted a security analytics platform that could handle their diverse and voluminous data sources, let them write flexible and powerful detection logic, and store their data in a structured way to enable fast queries. Jumio chose Panther as their cloud-native SIEM solution to meet these needs and improve their security operations.

Easy Data Onboarding with Native Integrations & Infer Schema Functionality

One of the main challenges that Imran faced with traditional SIEM tools was getting data into the platform, especially from custom or non-standard log sources. Typically, they had to work with the vendor, which took weeks, if not months, to figure out all the schemas and formats. With Panther, Jumio was able to onboard all of their data sources in less than a week, thanks to native integrations with common cloud and SaaS applications. For their Windows logs and other custom data sources, Jumio leveraged Panther’s infer schema functionality, which can “read” sample logs from any source and create a custom schema for it. This enabled Jumio to ingest log sources into Panther without waiting for vendor support or manual configuration.

Flexible Detection Logic in Python

Another challenge that Jumio faced with traditional SIEM tools was writing and tuning detection logic that was meaningful and relevant for their environment. Out-of-the-box logic was often basic and noisy, generating too many false positives and wasting time and resources. It was also difficult to write new or customize existing logic in most SIEMs, which used vendor-specific or proprietary languages that were hard to learn and maintain. 

With Panther, Jumio was able to write highly customizable detections using Python, a widely adopted and versatile language that enabled them to write lean and efficient code. Python also gave them the ability to enrich detections with external data sources, query other log sources, cache and timestamp events, and perform simple baselining and trend analysis. This enabled Jumio to optimize how meaningful each alert they generated was, reducing noise and improving accuracy.

One example of a detection that Jumio was particularly proud of was a rule for spear phishing attacks. The multi-part rule cached an IP address for baselining, checked for activity from the same account from two different IPs, while also applying some of the out-of-the-box brute force logic. This rule helped Jumio detect and prevent more sophisticated phishing attempts.
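The multi-part rule described above, reconstructed as an added example (not Jumio's or Panther's own code): a Panther-style `rule(event)` function that caches the source IPs an account logs in from, counts recent failed logins, and fires only on a successful login that either follows a burst of failures or arrives from a second IP while a different IP is still inside the baseline window. The in-memory `CACHE`, the 15-minute window, the threshold of 5, and the event field names are assumptions chosen so the block runs offline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Stand-in for Panther's rule cache (assumption so the block runs offline; a deployed rule would use Panther's cache helpers).
CACHE = defaultdict(deque)          # key -> deque of (event_time, value)
WINDOW = timedelta(minutes=15)      # baseline window for login IPs and failures
BRUTE_FORCE_THRESHOLD = 5           # failed logins before a success is suspicious

def _recent(key, now):
    """Expire entries older than WINDOW and return the values still inside it."""
    entries = CACHE[key]
    while entries and now - entries[0][0] > WINDOW:
        entries.popleft()
    return [value for _, value in entries]

def rule(event):
    """Panther-style entry point: True means the event should raise an alert."""
    now = datetime.fromisoformat(event["p_event_time"])
    user, ip, ok = event["user"], event["src_ip"], event["outcome"] == "SUCCESS"
    if not ok:
        CACHE[f"fails:{user}"].append((now, ip))  # record the failure; alert only on a success
        return False
    failures = len(_recent(f"fails:{user}", now))
    known_ips = set(_recent(f"ips:{user}", now))
    CACHE[f"ips:{user}"].append((now, ip))        # baseline: IPs this account logged in from
    # Fire on a success that follows a burst of failures (brute force / credential stuffing)
    # or that comes from a second IP while a different IP is still inside the window.
    return failures >= BRUTE_FORCE_THRESHOLD or bool(known_ips - {ip})

def run(events):
    """Replay events in order; return (user, src_ip) for each event that fired."""
    CACHE.clear()
    return [(e["user"], e["src_ip"]) for e in events if rule(e)]

def _ev(t, user, ip, outcome):
    return {"p_event_time": f"2024-01-01T{t}", "user": user, "src_ip": ip, "outcome": outcome}

# Constructed sample events: alice logs in twice from one IP and then from a second IP,
# bob fails five times and then succeeds, carol changes IP only after the window expired.
SAMPLE_EVENTS = [
    _ev("09:00:00", "alice", "10.0.0.5", "SUCCESS"),
    _ev("09:05:00", "alice", "10.0.0.5", "SUCCESS"),
    *[_ev(f"09:0{i}:00", "bob", "198.51.100.7", "FAILURE") for i in range(1, 6)],
    _ev("09:06:00", "bob", "198.51.100.7", "SUCCESS"),
    _ev("09:10:00", "alice", "203.0.113.9", "SUCCESS"),
    _ev("10:00:00", "carol", "10.0.0.8", "SUCCESS"),
    _ev("10:30:00", "carol", "10.0.0.9", "SUCCESS"),
]
```

Replaying `SAMPLE_EVENTS` through `run` fires twice: bob's success after five failures and alice's success from the second IP; carol's IP change falls outside the window and stays silent.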

Structured Data Stored in Security Data Lake

A third challenge that Jumio faced with traditional SIEM tools was querying unstructured data across large volumes of logs. In other tools, correlating data over terabytes for a query could take 15 minutes or more, making investigations slow and cumbersome. With Panther, Jumio was able to bring in verbose data streams and store them in a structured security data lake powered by Snowflake, a cloud data platform that enables fast and scalable queries over massive data sets. Panther also normalized indicators of compromise (IOCs) across all log sources as data was ingested, making it easier to query across structured data based on attributes like usernames, emails, IPs, and more. This helped Jumio tell the full story during an incident and perform thorough investigations in minutes.

Top-Notch Support from Panther Team

In addition to the technical capabilities of Panther, Jumio also appreciated the support they received from the Panther team throughout their deployment and usage of the platform. “The support has been a breath of fresh air,” Imran noted. “When there is an issue, I have complete confidence you all are on it.” Jumio also valued the feedback loop with Panther, which allowed them to share their suggestions and requests for new features or improvements. 

Conclusion

By choosing Panther as their cloud-native SIEM solution, Jumio was able to streamline their data onboarding process, write flexible and powerful detection logic in Python, store their data in a structured security data lake powered by Snowflake, and receive top-notch support from the Panther team. Panther helped Jumio improve their security operations and achieve their security goals with speed, scale, and flexibility.

“Panther is a great choice for security teams that want to take control of their data and detections.”

Mo Imran, Head of Threat Detection and Response, Jumio

  • Many tools make it difficult to ingest diverse or custom data sources
  • Out-of-the-box detection logic is traditionally noisy and hard to edit
  • Vast amounts of unstructured data lead to extremely slow query times
  • Easy data onboarding with native integrations & infer schema functionality
  • Flexible, powerful detection logic in Python enables granular detections
  • Structured data stored in Security Data Lake efficiently increases retention and accelerates queries
  • Panther’s cloud-native architecture enables the security team to focus on security, not tool maintenance
  • By leveraging environment-specific logic, Jumio has drastically increased alert fidelity
