Case Study: Woodforest National Bank - Exabeam

Exabeam Helps Woodforest Bank Reduce the Time It Takes to Respond to Cyber Threats

Financial Services
Fusion SIEM
Use Case
Compromised Insider

Founded in 1980, Woodforest National Bank operates more than 750 branches across 17 US states.

The bank serves well over a million customers, and is also Walmart’s largest retail partner. With Exabeam’s SaaSbased SIEM solution, the Woodforest team is able to more efficiently mitigate the breach to breach response gap.

Business Challenge

As a financial institution, you are the custodian of millions of people’s sensitive data, and the Woodforest team are well aware of their responsibility to their customers. To that end, an issue front and center for them is being able to close the gap between detecting and responding to possible threats – be they insider or otherwise.

Additionally, the fact that businesses in general have so many endpoints to monitor, means that no matter the size of your team, the sheer volume of alerts can easily cause ‘alert fatigue’.

“Exabeam was able to give us a lot if not all of the features that we were looking for in a next-gen SIEM,”
said Marc. For the Woodforest team, the fact that Exabeam’s tools integrate so well with data lake was a key component they were looking for.

“You have a lot of alerts coming in and we wanted to really narrow that down and have those alerts bubble up to the surface, be it a threat actor or something going on with an end-user here in the organization,” says Marc.

Vendor Selection and Proof of Concept

Woodforest Bank’s existing SIEM solution didn’t meet their needs, specifically when it came to more modern capabilities and the ability to automate. In their considerations, Marc and his team knew they needed something that incorporated security orchestration, automation and response (SOAR) and behavioral analytics, so as not to end up with just another log aggregator tool.

Use Cases

With the privacy data of well over a million customers on record, the Woodforest team needed a means of protecting that data and meeting the strict regulatory framework the financial services industry operates in. To that end, they needed a SIEM that could deliver more than just an endpoint solution, but rather an intelligent platform with powerful analytics and automation – SOAR.

“We wanted something exact and not just a solution that would throw out a bunch of alerts.” The Exabeam Security Management Platform (SMP) combines behavioral analytics with the ability to drill down into events and perform fast investigations, something the Woodforest team found valuable.

Finding the Needles You Didn’t Know You Had to be Looking for

As the Woodforest Bank team started their POC with Exabeam, the team had scheduled internal penetration tests, without their existing SIEM solution picking them up. The Exabeam SMP, however, flagged these tests as soon as we started our POC with the Woodforest team.

“The thing that won our team over was when we showed them that Exabeam saw the penetration testers what they were doing even as our existing, legacy SIEM failed to pick up on it,” said Marc.


After reviewing the market and a number of providers, we chose Exabeam to champion our vision of maximizing what the cloud offers as it relates to our security program. Exabeam’s SaaS-based SIEM means we have no infrastructure or system operations to manage. A cloud-first approach gives our team efficiencies versus operational management tasks; they can now focus on strategic security initiatives that continue to mature our enterprise’s cybersecurity program.

Marc Crudgington

Chief Information Security Officer, Woodforest Bank

Key Benefits

  • Increased visibility into anomalous behavior
  • Repeatability and efficiency – giving the network security team some of their time back
  • More organized security plan instead of just security activities performed when necessary
  • Enhanced incident response time and threat hunting capabilities