How a Global Bank Deployed XDR Without Changing Their Security Stack

20th July 2022


XDR is all about risk and threat correlation and response – but do you really need a new product to do that? Crown Agents Bank found that their existing tools, along with CyGlass, did the job – and at a much lower cost.

In the latest Gartner SecOps Hype Cycle Report, XDR is at the Peak of Inflated Expectations. Gartner defines this stage as an over-enthusiastic and unrealistic projection, a flurry of well-publicized activity by technology leaders that results in some successes, but more failures, as the innovation is pushed to its limits.

Simply Put – Lots of inflated stories, very little real success.

But the underlying premise of XDR, better integrated and correlated event detection and response, has long been the “silver bullet” for cybersecurity leaders everywhere. Crown Agents Bank (CAB), like many organizations, has many cybersecurity technologies deployed. These tools’ siloed nature and correlation limitations made them noisy, a common problem that can lead to missed alerts, slowed response times, and employee stress.

What CAB needed was the analytic capability to examine its network and the output of its security tools, correlate that data, and present the big picture of what was really happening, i.e., XDR capabilities. But, CAB did not want to wait for an XDR solution that worked nor to buy a whole new stack of security tools.

Building XDR Capabilities Today

A technical deep dive with CyGlass highlighted its cloud-native, SaaS approach that added no new hardware and cut roughly two-thirds of the cost of a legacy network detection and response tool. Hence, CyGlass met budget requirements.

The ability of CyGlass to analyze and correlate network, cloud, and identity out of the box, detecting and remediating threats with advanced AI meant a reduction in SecOps workload and alert fatigue. Additionally, an open set of APIs enabled easy integration with existing tools, including the bank’s existing EDR solution. Again, CyGlass met project features and capabilities requirements.

For CAB, CyGlass is a “top of the pyramid” technology that eliminates the need to spend time drilling down to the bottom of the pyramid to investigate what happened, why, how often, etc. Tom Rybinski, Global Head of IS Risk Management, said, “Now we know if something happens, the first place we go to is CyGlass.”

A SaaS model means that CyGlass delivers immediate and increasing value as it integrates new technology and data sources. “Now we are thinking, what else can we throw into Cyglass, because it does not take a lot of time and money to gain greater visibility and a better return from the tools we have prioritized.”

So yes, you can deploy XDR capabilities today – with the right AI foundation.

Read the entire Crown Agents Bank Case Study Here.

Bill Munroe

VP Marketing, CyGlass