Customer Story: CeloPay Selects AlienVault USM to Protect Their AWS Environment
In this AlienVault interview, Ryan Leatherbury, USM Anywhere Product Manager, and Scott Ward, AWS Solutions Architect, interview the CEO and Founder of CeloPay, Jason Harper, to understand why he selected AlienVault USM Anywhere to monitor the security of his AWS environment.
View the video to learn more about how Jason was able to achieve these benefits with USM Anywhere:
- Centralized log management put critical security info at their fingertips, without the need for time-intensive manual log reviews
- Ability to generate reports to prove PCI DSS compliance in seconds
- Full security visibility and intelligent alerting
RYAN: I’m going to now introduce Jason Harper. He is the CEO and Founder of CeloPay, and he’s going to talk a little bit about how he used AlienVault USM Anywhere and AWS to achieve some of their business and security goals.
JASON: Good morning. Thanks, Ryan.
RYAN: Maybe you could tell us a little bit about your environment and some of the security challenges you were facing when you started looking at USM.
JASON: Absolutely. At CeloPay, we are an exclusive AWS customer for all the reasons that Scott and Ryan have talked about in terms of speed to infrastructure and the security that wraps around that infrastructure, and we also handle payment data as a company. Security, as you can imagine, is paramount for us.
One of the wonderful things (but scary things) about Amazon is that there is an abundance of information in terms of logs and monitoring, and we needed some way to aggregate this because it just became physically impossible to run a lean security organization within our company, but at the same time be able to keep on top of all of this information.
Thankfully, we discovered AlienVault. I guess, in a sense, the product has really allowed us to consolidate what would be, traditionally, multiple security roles, multiple human beings, sitting and parsing this information and monitoring it on a day-to-day basis. We’re really down to less than one, and it allowed us to do it in a matter of an hour during our deployment with USM Anywhere.
It really is a great tool for parsing and correlating and analyzing all of the wonderful information that comes out of AWS—and consolidating that into a single view for us as a customer. We have visibility into exactly what’s happening in our environment, some great proactive learning—all things which I’m sure Ryan will talk about.
But for us, it really was a wonderful find to allow us to take what would otherwise be a little cumbersome with lots of sources to view, aggregate, and consolidate, and now we see all of that in one global view, which is certainly life changing for us.
SCOTT: Hey, Jason, this is Scott. I’m kind of curious… When you say that you were able to get that down to about one person kind of monitoring your security, did you find that you were able to take those resources and re-shift them into things that were maybe more focused on the value prop of the company or other things that they could now do? Did you find that you were able to repurpose those people?
JASON: Absolutely. As a software company, our focus is really on the product and development of the software, but of course, we don’t underestimate the importance of security, particularly around handling payment data. Where we like to put our human capital is in improving the product. Rather than having a security team that outweighs the size of my development team, I’m always eager to bolster our development resources where possible, so that’s exactly what we were able to do. We were able to still maintain a high degree of focus and purpose around security, but do it with a lot less internal resources by leveraging tools like AlienVault.
SCOTT: Very cool.
RYAN: I had another question for Jason. Maybe you could tell us a little bit about what you were doing before you had AlienVault.
JASON: Yeah, absolutely—it’s not pretty! As you’ve heard, there are all these wonderful sources of information available to you through AWS, so we were sort of using those native tools: Cloudwatch and VPC Flow Logs and all those things. We were capturing those and manually parsing and reviewing those.
As you can imagine, not only is that cumbersome because it’s tens and hundreds of thousands of log items, but it wasn’t the best in being a real-time monitor for us. Oftentimes, if there were some probing or an incident or something that we needed to look into, we would find it during our security reviews the next day, for example. We just didn’t have the capability to get through all that in near real time. It just wasn’t physically possible by parsing all of that manually.
For us, it was a very manual process. We would go through audits as a PCI-level service provider. It was a very manual process, gathering information for our auditors. Very, very time consuming. That’s why it took so many resources. It’s not a bad thing that there’s so much to parse through. We would rather have more than less, so that’s a wonderful thing that Amazon does, but it is a lot to go through, and having a tool like AlienVault really completely transformed that process for us.
RYAN: Great, Jason. Thank you. Maybe you could tell us a little bit about why it was you went with USM. There are definitely a lot of solutions out there we’re aware of, but I’m just curious what your thought process was as you went through that evaluation.
JASON: Yeah, there were a couple of factors for us. The first one that comes to mind is we’re a very cost-conscious company. We want to make sure that we’re spending our money and our dollars in the right places. There are several solutions that we looked at. Some of them were so wildly expensive it was just out of our reach. The approach with AlienVault we found to be very fair for the product from a pricing perspective. That was definitely a big factor for us.
I know you have “ease of deployment” on the screen, but that was huge. Again, our goal here was to minimize our security team, so we didn’t want this huge, complicated project. As one of the previous slides mentioned, we’ve been an AlienVault customer for two years. We were previously on their USM product that was posted on our old instance in Amazon, and we’ve since moved to their Anywhere product, and that transition literally took about an hour and a half. It was unbelievably simple to deploy in our environment and transition that information. That ease was certainly attractive.
Then one thing I’ve always said, and I’ve been a huge fan from my first interaction with the company… I had some thoughts and ideas about the product, and my phone rang one day, and it was Ryan on the other line. He was genuinely interested in what I had to say and what I thought would be a great addition. That really stuck with me. We’re a very customer-centric focused company ourselves. We always listen to our customers. Our product road map is dictated by our customers, so any time I work with a partner that is genuinely interested in hearing what I have to say… And look, I know that doesn’t always mean it gets committed to a development cycle, but the genuine interest to hear us out and to ask questions and be accessible really sealed the deal for me. I just think that’s a really important value that a lot of companies lose track of, and you kind of get lost in the shuffle, and that’s something that we pride ourselves on not doing with our customers, and it struck a chord with us with AlienVault as well. It seemed like it was an important value to them. So, thanks, Ryan!
RYAN: Thank you, Jason. I really appreciate that. Well, maybe now we can just touch on some of the benefits you gained by using USM.
JASON: Absolutely. Our security view today looks very different than before USM. I think you’ll probably talk about this, but there was sort of a central console that we can use, the AlienVault console where we can see any active alerts or events. We can, of course, review on a log-by-log basis. We can do all kinds of fancy things by slice-and-dice, by our antivirus product or our IDS products or anything that we want to look at specifically.
Proactive alerting is huge for us. As I mentioned before, if there were a potential incident or something that raised our eyebrows, oftentimes, we would be discovering that 12 or 24 hours after it occurred, and now we know within minutes.
And simple things that sometimes we take for granted, but if someone on my team makes a change to an Amazon security group, I want to know about that because our security groups are pretty static. They don’t change that often, and again, given the sensitivity of our application, it’s important that we know about those changes. And, of course, Amazon does capture all those changes in the logs, but now I know literally within minutes if there’s a change to my Amazon environment, and that’s huge for me. We really gained consolidation, being able to see everything in one place, and the ability for the proactive alerting that’s built right into AlienVault.
RYAN: That makes total sense. Scott, I’m curious if you had any questions from your point of view about CeloPay’s experience, some of these areas—
SCOTT: Yeah, I guess I’ve got a question. Did you find that you were able to… Because you had this visibility through the log management, did you find that you were able to change any of your development practices? Were you able to say, “Yeah, we can do more continuous deployments,” or just able to adopt different methodologies because you have more of this confidence now?
JASON: I’m not sure that it changed our approach to development. It did change our ability to develop because we were able to throw more resources at that and less on security monitoring. Now we have an iteration of our product every 60 days. We have a very rapid, progressive development cycle. And again, without this kind of visibility and understanding and minimization of resources in our organization, that simply wouldn’t be possible.
And just one thing I want to clarify because we’re talking about minimizing resources, which sounds counterintuitive for a payments company, somebody that should be hyper-focused on credit card security. And make no mistake—we are. It’s one of our guiding principles in everything that we do, and that’s what’s so magic about this, the combination of AWS allows a company like me that has to live up to PCI level 1 standards to do that with less, and there’s something to be said for that. It’s not that we care any less or that we don’t want to spend money on it; it’s where a lot of our money goes, being compliant, but it allows us to do it with less, in a more rapid and proactive cycle. For anybody that’s concerned about payment security or any kind of compliance, it’s a great tool.
SCOTT: That’s great to hear. I just love to hear how customers are able to do a lot with less. A combination of AWS and [inaudible 00:10:53] [JM1] solutions is just really cool to hear.
JASON: Yeah, it’s huge.
RYAN: Absolutely. Well, thank you so much, Jason, for sharing that story. It’s very compelling for us to hear—and very motivating to continue to build a better product because you’re why we exist.