As a one of Latin America’s largest beverage services and retail businesses, FEMSA faces the daily challenge of supporting a portfolio of large brands that include Coca-Cola and Powerade; as well as 20,000 retail locations across the world. Part of supporting its 360 million consumers and 300,000 employees is investing in top-notch cybersecurity.
In recent years, FEMSA has experienced significant growth, leading the company’s SOC team to realize their cybersecurity and incident response program needed an update. With each year, cybersecurity technology increases in sophistication, and FEMSA wanted to take advantage of that. This case study show why the FEMSA team chose Exabeam to cut down incident response time.
A modern SIEM with UEBA
FEMSA’s first task was to evaluate multiple security information and event management (SIEM) vendors, and it immediately became apparent that user and entity behavior analytics (UEBA) was the best option. Instead of merely monitoring activity based on IP addresses, UEBA would leverage the latest technology to track user-based events.
There was one challenge specific to FEMSA with that, though. FEMSA’s business model combines retailers, distributors, and hundreds of thousands of users spread across the globe. That meant standard UEBA solutions wouldn’t work. They needed technology with the intelligence and power to handle their complex environment.
Machine learning and FEMSA
The search for the right UEBA vendor took time, as FEMSA thoroughly evaluated multiple solutions. As they narrowed down the options, they soon discovered that machine learning was the key to keeping their systems safe. FEMSA tested several SIEM vendors both in their lab environment and at their data center in Mexico, eventually finding one that stood out from the rest.
Exabeam’s UEBA capabilities won the team over after trying multiple solutions. FEMSA also liked that the platform includes 600 machine learning model configurations included in the installation, which means the team won’t have to spend time setting up and tweaking threat monitoring and response. It saves time while also providing the comprehensive capabilities they need.
Faster response time
One of the biggest differences UEBA has made for FEMSA is its response time. The security team has a service level agreement (SLA) promising a 60-minute turnaround on every incident. Before implementing Exabeam, that SLA was a challenge due to their small team and limited resources. Every time there was an alert, they had to manually connect data sources and research to gather information on incidents. They weren’t quite making their SLA, often logging a response time of about 74 minutes.
Today, that response time has been able to not only meet the SLA, but beat it, with response times as quick as 45 minutes, a 25% improvement. Internal clients, impressed with this, asked that the SLA be adjusted to 45 minutes, which FEMSA can now easily meet. Thanks to Exabeam’s security orchestration, automation and response (SOAR) solution, the team can now easily detect issues and take action on them.
“We dreamt about having something like SOAR. Now that we have it, we can respond in 43 minutes.” – Rhett Nieto, FEMSA IT Security Chief
Better incident detection
Turnaround time isn’t the only aspect of operations Exabeam has improved. FEMSA now has access to the MITRE ATT&CK framework, which has boosted the number of known incidents they can track from 50 to 120. Using this new framework, FEMSA’s cybersecurity team is also working to gather even more data on threats to ensure that their infrastructure is as protected as possible.
The team saw immediate ROI: The platform passed its first big test within a month of FEMSA moving its entire operation to the platform. A zero-day exploit was detected on the very first day it attempted to gain entry into the network. Before Exabeam, this detection would have taken two to three days, so this only further boosted FEMSA’s confidence that the company’s data was better protected.
A happier team
But perhaps the biggest benefit of having such a robust platform is that the security team has the support it needs to do a great job. The team is especially impressed with the report-generation tools built into the Exabeam Security Management Platform. The network traffic analysis reports that once took 45 to 90 minutes to generate can now be pulled in only eight minutes.
In addition to its network traffic reports, the FEMSA team no longer has to change security rules and models manually, thanks to Exabeam. By automating rules and reports, Exabeam reduces the team’s workload, giving the cybersecurity team more time to focus on other things. This saves money overall, while providing an even more comprehensive service.
With Exabeam in place, FEMSA can better protect its data while also making things easier for their cybersecurity team. As a result, everyone from the employees to the business partners are better protected and the leadership team can sleep easier, knowing if there’s an incoming threat, it will be detected right away. Read the full case study here.