Threat Stack

How Allocadia Uses Threat Stack to Secure Infrastructure & Accelerate Sales

In this guest blog post, Sabino Marquez, Allocadia’s CISO, outlines his company’s experience using Threat Stack. Specifically, he explains how Threat Stack’s intrusion detection platform enabled Allocadia to secure its infrastructure, integrate security into Dev and Ops workflows, and significantly accelerate the sales cycle.

About Allocadia

Allocadia develops marketing performance management software that helps organizations build more aligned marketing plans, track spend more accurately, and measure impact on the business. Allocadia serves as a centralized system of record for marketing, improving visibility and control while enabling true ROI measurement. As one customer puts it, “Allocadia lets me run marketing more efficiently so I can do marketing more effectively.”

Sabino Marquez, Allocadia’s Chief Information Security Officer, is responsible for defending the product stack and managing the information risk management program, which includes information security, product security, privacy operations, third party assurance, secure posture assurance, social risk management, and resiliency governance.

The Challenge

Allocadia uses Amazon Web Services to deliver the Allocadia application to customers. As a SaaS application that holds confidential customer data, Allocadia needed an intrusion detection platform to meet security best practices and operational security requirements. By implementing Threat Stack’s intrusion detection platform (IDP), they achieved the operational security visibility they needed, increased sales velocity by reducing time spent in due diligence, and removed a significant amount of friction from the evidencing cycle required by enterprise security audits.

Prior to Threat Stack, Sabino and his team relied on default rulesets and the manual analysis of events to identify anomalies in the data flows. In addition to being time consuming and labor intensive, the process was fraught with challenges. “I was never really sure whether what I was seeing was what I was supposed to be seeing,” said Sabino, adding that “By the time we finished reviewing events to identify critical information, we were already a step behind the issue.”

Sabino’s team was at an operational disadvantage, and the remedy did not simply involve hiring more analysts. Sabino points out that “Security talent is just not there to be hired.” And even if it were, he needed an “automated solution that could rapidly do the first round of analysis, so we could then make risk-based business decisions based on clear, structured evidence of what was actually happening throughout the stack.”

The Solution: Threat Stack’s Intrusion Detection Platform

When Sabino’s team started using Threat Stack’s intrusion detection platform, they gained immediate structured visibility into the security context of their AWS environment — and received near real-time alerts on anomalous events without being overwhelmed by extraneous data. As Sabino points out, “Threat Stack identifies and prioritizes what needs to be looked at, and allows us to set business rules to manage the non-material events.” Sabino was sold on Threat Stack’s ability to address Allocadia’s unique needs in contrast to other solutions that were too generic or too heavy to customize: “We know our stack and how it should behave, and can now make more effective decisions because Threat Stack lets us easily implement rules that fit our flows for identifying anomalies.”

Sabino describes his team’s use of Threat Stack as follows: “Alerts are assigned to individual engineers, and we have a ten minute SLA for each alert. This means there is complete transparency and accountability for alerts as well as rapid response. It also means our engineers are continually learning. Over time, the number of high severity alerts is reduced as is the overall security risk. Threat Stack is a sticky tool and is integral to our process.”

Security is a Team Effort That Drives ROI

Sabino’s approach to stack visibility in AWS has evolved based on his experience using Threat Stack. He sees security as an integrated, cross-discipline function instead of a siloed activity that might not directly support the organization’s business goals, or might even be at odds with them. As Sabino put it, “Threat Stack pulls Development, Operations, and Security together. Now we have security throughout our organization, regardless of department. Instead of Security, Operations, and Development, we have OpSec, ProdSec, and DevSec. With Threat Stack, security has become more than a process; it’s a behavior and a team dynamic, with every team member now a security owner and Threat Stack keeping them accountable. Everybody is a member of the Security team at Allocadia, and, as the CISO, I empower them with the best tools to keep safe those data assets under our control.”

The business value and ROI are easy to see. When Development, Operations, and Security are integrated, processes are optimized, time to market is reduced, and a significant competitive advantage is created. When security and compliance are easy to demonstrate, they become business enablers that open up new market channels, shorten sales cycles, and further the organization’s business objectives. With help from Threat Stack, Sabino and his team were able to dramatically shorten sales cycles by providing all interested parties with real-time evidence of Allocadia’s secure and compliant posture. In Sabino’s world, “The Security team is a business team, not an IT team.”

Final Words . . .

Threat Stack’s intrusion detection platform gives Allocadia complete visibility, alerts on anomalous behaviors regardless of the approach an attacker takes, supports compliance, and reduces risk level over time. Since Allocadia adopted Threat Stack, its security posture has been strengthened, and security has gone from being a resource-intensive cost center to an automated practice that delivers ROI by shortening sales and compliance cycles.