Panther hits that sweet spot of being a tool and having all these useful features, but it’s also a framework. It’s the framework piece that gets underserved by every other tool I have tried, and that’s what makes it genuinely different.
Jeremy Mill
Varo’s Senior Manager of Security Engineering
The Varo security team needed help with their existing security tech: an ELK stack that took up too much time from the team without high-quality alert output. It demanded considerable overhead maintenance, and as an outdated solution, it lacked the comprehensive functionality of a proper SIEM platform, leading to a lot of manual effort. This led to their hunt for a modern SIEM to deploy that could reduce the burden of ongoing maintenance and liberate valuable security engineering time to focus on threat detection and response.
I want to focus on what we do, and we secure the bank. We don’t run or manage the SIEM, so if we can have somebody else run the SIEM and focus on that for us, then that is the right decision every time.
Jeremy Mill
Varo’s Senior Manager of Security Engineering
During a comprehensive SIEM search, Varo reviewed their existing tech stack against offerings like Panther and Datadog. The Varo team found that Datadog couldn’t meet their needs for flexible data ingestion or their budget, and lacked core SIEM functionality. They ultimately opted to purchase and deploy Panther as their modern SIEM solution.
With Panther’s SaaS deployment requiring no overhead maintenance, Varo’s security team could redirect their focus towards more critical tasks, particularly detection and response activities. By opting for a managed SIEM and freeing up engineering resources, Varo could better allocate their talents and expertise toward safeguarding their systems and data.
Jeremy Mill, Varo’s Director of Security Engineering, wanted to transition as much as possible towards an infrastructure-as-code approach. In his search for a new security solution, he knew that everything-as-code was a priority and found alignment between his vision for his team and Panther’s Detection-as-Code based solution.
Their existing solution didn’t deliver the level of flexibility they needed in a SIEM. The built-in alerting functionality was limited and lacked key features like dynamic alert severities, detection enrichment, and alert management. By choosing to adopt a Detection-as-Code approach with their SIEM solution, the Varo team has been able to drastically improve their security operations.
The team leverages many out-of-the-box Panther detections tuned with Python code edits or rule filters to customize their detection engine to their security environment’s needs. They also heavily use Panther’s enrichment features, delivering key context to alerts for speedier response times. Through detection tuning and enrichment, they’ve improved their false-positive alert rate and enabled security team members to focus their efforts on high-value signals and avoid burnout.
Work-life balance and avoiding burnout is really, really important to me. That way when something real does happen, our team can prioritize it. Every alert should have an action, and if that action is a false-positive assessment, then we can tune it immediately. Otherwise, we would have a lot of fatigue.
Jeremy Mill
Varo’s Senior Manager of Security Engineering
One of the driving forces for finding a new security solution was to improve the visibility and consolidation of Varo’s security data into one platform. It was important for the team to find a solution that delivered easy data ingestion and centralized alerting into one platform. Panther’s native capabilities to ingest high-priority log sources like Okta, GSuite, and AWS enabled Varo to quickly onboard their critical data and leverage out-of-the-box detections for immediate value.
In addition to using Panther’s native integrations for log ingestion, Varo also uses Panther’s flexible capabilities for ingesting custom data sources.
We have one job that takes in a very legacy data source and we can fire that off to our Panther webhook within the JSON schema we have defined and now it’s in Panther and it’s searchable. Doing that in other security tools would be a nightmare and in Panther, it isn’t.
Jeremy Mill
Varo’s Senior Manager of Security Engineering
By consolidating their key log sources, Varo gained comprehensive insight into their security landscape, allowing for more effective monitoring and threat detection across their cloud-native operations. This centralized approach streamlined their security operations and gave the security team a holistic view of potential threats and vulnerabilities. As a result, Varo bolstered its security posture, enhancing its ability to identify and respond to possible security incidents proactively. Adopting a unified platform for security data and alert management not only strengthened Varo’s defenses against cyber threats but also increased operational efficiency by simplifying the management of their security infrastructure.
