Keeping Tabs on Fast-moving Endpoints: How Exabeam Helps Baker Donelson Maintain Visibility Into User Behavior
Baker Donelson is a multinational law firm, with more than 20 global offices and 130 years of experience. An AMLO 100 firm, they employ more than 1,400 people, 700 of whom are attorneys. The firm represents more than half of the Fortune 100 and a quarter of the Fortune 1000, including large financial institutions, governments and healthcare organizations…and the sensitive information that comes with them.
“We have multiple domain controllers, firewalls, IDS — every office is essentially a mini data center, so security data is very distributed. But it all needs to be centralized and monitored,” says Chief Information Security Officer Carl Scaffidi, Baker Donelson. Read the full case study on why Baker Donelson picked Exabeam to protect their data.
Securing the endpoints
Now, while law firms don’t generally have thousands of employees, through their clients they become the custodians of masses of highly sensitive data that needs safeguarding. Traveling employees, the moving endpoints, have access to healthcare, financial and intellectual property data, often accessed from coffee shops, hotels and airports.
Working with a small security team and being cognizant of the fact that they had a growing number of programs that needed monitoring and data that needed centralizing, the Baker Donelson team knew they wouldn’t be able to rely on a traditional SIEM solution.
Additionally, the firm has to meet growing compliance requirements across the board while keeping their budget tight and still being able to scale financially and be efficient.
“We needed to keep things high fidelity. We couldn’t waste time chasing down false positives.”
An agile security solution
Ultimately, the team needed a solution that could help them progress to a more mature security posture, by incorporating activities like threat hunting, to take a much closer look at security events when the need arises.
“Where we are now, operating in a state of assumed compromise, we need to be able to dive a little deeper when it seems necessary,” says Scaffidi.
Baker Donelson initially tested out a host of open source SIEM solutions for their affordability. They quickly realized that they could not spare the time and effort these tools required, and that the functionality they needed wasn’t forthcoming.
“We didn’t have a lot of time to care and feed and learn and build that stuff on our own, and limited support from those open source vendors made it really difficult to roll out our own SIEM platform. One thing we did stumble across was the ELK stack,” Scaffidi explains.
The foundational elements of the ELK Stack (Elasticsearch, Logstash, and Kibana) turned out to be pretty interesting to the team. As it happens, Exabeam is like a professionally managed ELK, albeit much, much more.
Scaffidi elaborates on why he selected Exabeam: “We were able to go clean it up and didn’t really have to worry about it, so that really made things efficient, made things a lot quicker for us. We weren’t chasing our tails. We weren’t overly worried about what we might be missing, and it really showed value.”
Ultimately, choosing Exabeam meant that the Baker Donelson security team could carry out faster investigations, detect anomalies more quickly, eliminate false positives and gain greater visibility into endpoints that might be in one city today and another by tomorrow morning.
“Exabeam gives us visibility into our endpoints, cloud, and identity and access management. If you’re able to get in there and correlate all that stuff, get that telemetry, you get a pretty good overview of what’s going on in your environment,” says Scaffidi.
For more on why Baker Donelson picked Exabeam, I invite you to read the full case study.