CASE STUDY

AirSlate chooses UnderDefense as its Primary Security Partner

Key Results

$2,099,840

saved yearly after entrusting security tools, people & tasks to UnderDefense

23

business days to deploy a complex EDR platform to 1200 endpoints without disrupting critical business operations and flows

35

hours weekly saved for IT team in managing Security alerts

Background

AirSlate is a unicorn startup that offers market-leading solutions for no-code document workflow automation. The company combines artificial intelligence (AI), robotic process automation (RPA), and other technologies to help enterprises globally improve productivity and optimize resources.

The Challenge

AirSlate has been growing rapidly because of its great product and management teams. The company went through several fundraising rounds and attracted large investments. Recently, they acquired a PDF editing and e-signature solution and integrated it into their workflow automation portfolio. At the same time, they launched their own products and reached 100 million users globally.

The team’s hard work and passion paid off and kept them quite busy. The business ecosystem has been evolving exponentially along with the need for application security. They’ve started realizing their ambitious plans with 100% cloud-based infrastructure and needed absolute security. Plus, the promotion of security awareness and a comprehensive vulnerability management program were at the top of the company’s agenda.

Obviously, the in-house security team had too much on their plate, not to mention the ever-evolving cybersecurity threats and the urgent need to protect macOS and Linux infrastructures.

AirSlate sought a reliable security partner with the necessary expertise to select and implement the right EDR solution and make their organization more secure. Additionally, the company wanted to delegate 24/7 security monitoring and free up expensive internal experts for more critical issues and strategic initiatives.

Client Introduction

Headquarters
Massachusetts, USA

Industry

Technology

Company Size

1000-5,000 employees

Project Duration

May 2022 – Ongoing

Technologies and Tools

CrowdStrike EDR

Covered Endpoints

1200

Automated Rules Enabled

33

“The most impressive thing was the tremendous work done by UnderDefense. We have confidence that our endpoints are now monitored by a top-notch cybersecurity MDR provider; their 24×7 team is very proactive with our IT, DevOps, and Security team, and we are sure that none of our servers is at risk of infection and lateral movement when UnderDefense is in place.”

Oleksii Misnik
Information Security Tech Lead, AirSlate Inc.

 

Challenges & Results

Challenge

  • Lack of security talent and expertise for 24/7 monitoring and detection

Result

  • 24/7 coverage delivered by experienced SOC analysts and professional services engineers

Challenge

  • Need for better visibility within the large and hybrid infrastructure

Result

  • Comprehensive protection of the hybrid environment and better response to all malicious security threats

Challenge

  • Selection, integration, and fine-tuning of the best EDR platform

Result

  • Enhanced security posture as the business grows and attack surface scales

Challenge

  • Strict regulatory compliance requirements that complicate the engagement of external providers

Result

  • Robust monitoring and reporting that support the company’s multiple compliance requirements

Challenge

  • High cost of hiring in-house security staff for 24/7 monitoring and response

Result

  • Ability to innovate and scale in the cloud while staying secure

Result

  • Win-win collaboration that encourages open and effective communication

The Solution

The client’s top-notch security team had a solid and consistent approach to selecting best-of-breed endpoint protection solutions and vendors for their long-term journey. They also realized that they couldn’t handle it all in-house while ensuring the 24/7 protection guaranteed to the C-level.

That’s why they selected UnderDefense and asked for pilot testing of the top tools available in our arsenal: SentinelOne and CrowdStrike. The client wanted to see the platforms in action and evaluate them directly within their infrastructure. After that, they planned to deploy only the one most suitable for their specific needs, mainly for macOS, Linux, and Kubernetes machines.

Selecting a reliable partner to fill security gaps

We started our communication with in-depth consultations, knowledge sharing, and expert assessments. Though there was a pressing need for an effective EDR platform, two things complicated the progress.

The first one was related to the company’s hybrid infrastructure and willingness to continue with cloud-native solutions. Additionally, they didn’t want new tools to utilize too many resources, like the computing power of their servers and software engineer machines. Fortunately, UnderDefense worked with CrowdStrike, SentinelOne, and similar EDR platforms, so we knew all the nuances and risks that should have been addressed immediately.

The second nuance was associated with data access and compliance regulations (SOC 2 Type II, CCPA, HIPAA, GDPR, PCI DSS and more). Since AirSlate collected and stored sensitive customer information, they needed to be sure that engaging a third-party provider wouldn’t violate strict rules and lead to financial and reputational losses.    

For such cases, UnderDefense had its own proven workflow. So, working with AirSlate, we utilized metadata and telemetry, meaning that all information coming from the client’s side was only related to system or network performance. Consequently, we didn’t process or store any personally identifiable information (PII) and had read-only access to the client’s resources. Such an approach prevented data leaks and compliance failure.

Improving the security posture with 24/7 protection

The pilot project for EDR testing was successfully delivered, and we initiated full-scale deployment across all hybrid environments (macOS, Linux, AWS, and Kubernetes).

Besides CrowdStrike implementation, the client delegated 24/7 endpoint security monitoring and incident response services to UnderDefense. Since our SOC team scans the threat landscape non-stop, we can react immediately to actual risks and also prevent them proactively. For instance, if our SOC analysts notice new activity resembling ransomware, they analyze its patterns and check whether it poses a threat to AirSlate. If we find that it might threaten the client, there are two possible scenarios:

  • If our team has rights and access, we create specific rules and algorithms to address the threat proactively and prevent any irreversible consequences for the business.
  • If the preventive measures should be implemented on the client’s side, our SOC team gives recommendations and actual guidelines to the in-house team. Later, we double-check and ensure that those measures have been implemented successfully.

Integrating the new EDR platform & Solving CrowdStrike deployment problems

As was discussed at the beginning, the UnderDefense team took on all the tasks related to CrowdStrike’s seamless integration and optimization. During this stage, we couldn’t allow business operations to stop or slow down. So, we had to ensure that the company and all the services were up and running smoothly despite the engineering activities happening in the background.

However, considering the scale of the client’s infrastructure, hybrid environment, OS diversity, and other business peculiarities, the implementation wasn’t possible right out of the box. CrowdStrike itself required much customization and serious fine-tuning of separate elements. So, the UnderDefense team contacted the vendor directly and handled all the communication with the vendor’s support team. We created case submissions and tickets to adjust CrowdStrike agents to meet the client’s requirements and expectations.

During the platform’s fine-tuning and optimization, our team constantly communicated with the client’s in-house security team. To avoid misconfiguration and business disturbance, we clarified what activities must be blocked and what steps the platform must take instantly. Moreover, the integration of a new tool allowed UnderDefense to discover possible areas for cybersecurity improvements. So, we’ve created a comprehensive list of recommendations for the client and analyzed the potential value they might bring to the business.

Outcomes

So far, the collaboration between AirSlate and UnderDefense has been rewarding. And most importantly, some of the outcomes have even exceeded the expectations. Besides the enterprise-wide improvements in the client’s security posture, we could also build effective communication between teams, free up internal resources and let AirSlate IT professionals focus on more critical tasks.

Other significant achievements include:  

Seamless EDR implementation in 23 business days

CrowdStrike is an effective but complex solution that should be properly integrated, optimized, and often customized to align with business needs. That’s what UnderDefense did for the client and ensured the maximum value for the money.

The core deployment to 1200 endpoints took only 23 business days and went smoothly without disrupting critical business operations and flows. During this time, we implemented the platform and ran full-scale cybersecurity based on EDR. It included deployment, fine-tuning, stress testing, and completing tabletop exercises to ensure the client’s and UnderDefense’s teams worked fine together. As a result, all the valuable assets are effectively protected around the clock.

Non-stop protection of the hybrid environment

Continuous monitoring and incident response were high on the client’s agenda for a long time. However, that’s where UnderDefense could bring even more to the table. Our experienced SOC engineers have introduced a proactive and effective approach to business protection. They work in perfect coordination with the in-house DevOps, IT, and Security teams. But most importantly, our MDR solution gave the client the necessary confidence to focus on more high-level, strategic tasks.

More effective resource allocation that saves over $2M yearly

Partnering with UnderDefense, the client was able to address its blind spots in system protection, lessen the burden on the in-house teams, and focus them on more critical initiatives. But most importantly, AirSlate could save nearly $2,099,840 per year by eliminating the need to recruit, educate, and retain cybersecurity talent in-house.

Today we are proud of the results we’ve achieved with the client’s team and look forward to working on more goals and plans together. Our collaboration continues, and we’re glad to be a part of this inspiring cyber story.
