With wire fraud attempts and other cyberattacks growing in speed and sophistication, Anywhere examined its security stack built on legacy tools for antivirus and endpoint detection and response (EDR). One problem was alert fatigue, explained Brett Fernicola, Senior Director of Security Operations, Cybersecurity and Incident Response at Anywhere. “Our EDR had out-of- the-box rules, but we were getting up to 30,000 alerts per day.” To reduce the noise, he and his team began building their own detections, but they took a long time to write and test, pulling the team away from other tasks. “We exhausted the amount of time and energy we could spend constantly tuning the product, so we started looking around for a new player ... one that curated the data and provided built-in detections and threat intelligence so we didn’t have to spend every waking hour ensuring the product functioned as desired,” said Fernicola. Anywhere also wanted to consolidate to one security platform for endpoint protection and next-gen antivirus. Its legacy stack had multiple agents from multiple vendors — all competing for CPU and memory, which slowed things down and added complexity. “The legacy AV mentality is to run scheduled scans on all files, but the juice isn’t worth the squeeze,” explained Fernicola. “With CrowdStrike, only the files being accessed or modified are inspected, which was a big win for us.” Finally, Anywhere wanted a fluid and easy interface to export data for threat hunting. “In a breach scenario, we need our EDR product to be effective in the hands of a junior incident responder. They shouldn’t have to be an expert in scripting or database languages to retrieve info and search for IoCs,” said Fernicola. With this long list of requirements, Anywhere compared CrowdStrike against other security vendors. During the test, Fernicola performed common malware and virus executions to ensure the basic functionality was there. He also did advanced red-team testing for lateral movement, dumping passwords and hashes, and other actions. The difference was clear when Fernicola tested data-exporting functionality. “One security vendor absolutely failed,” said Fernicola. “They collect all the data but there’s no schema or documentation for exporting. For another vendor, the process required too many clicks and was too prone to errors.” Anywhere found the performance it needed in CrowdStrike. “With CrowdStrike, we can easily export and search data for threats. Then, if we want to take the next step and go into the details, that process is straightforward,” said Fernicola. “Plus, only CrowdStrike delivered a unified view of our security posture from one command console.”

Today, Anywhere uses Falcon Insight XDR for endpoint detection and response. The market-leading EDR product was deployed rapidly without friction or reboots across 20,000 endpoints, including every Linux, Windows and Mac endpoint at the company, covering 100,000 users. “It’s two for one,” said Fernicola. “We get an aggressive detection and blocking policy. “Plus, we can set it and forget it. If someone introduces a security risk, Falcon Insight will either block it or alert us right away if something nefarious happens.” Managed threat hunting was another major win for Anywhere. With only a handful of full-time security staff, Anywhere now relies on Falcon OverWatch Elite for 24/7 eyes-on-the-glass managed threat hunting with designated analysts. As a result, alerts have dropped by 500x. “With our legacy tools, we struggled to know which alerts were valuable,” said Fernicola. “OverWatch Elite takes the noise out of alerts. We now get around 200 alerts per month and 98% are true positives. There’s no noise, no junk ... If it hits, it’s a problem and we’re investigating it.” For Anywhere, having experts watching over its environment provides peace of mind. “With Falcon OverWatch Elite, we have experts watching over our environment 24/7. When something suspicious happens, we get a phone call so we can figure out what’s happening and shut down the attack within minutes,” said Fernicola. “That alone is worth its weight in gold.” By consolidating to the Falcon platform, Anywhere gets a single lightweight agent for modern endpoint security plus Falcon OverWatch Elite at a price it can afford. “With CrowdStrike, we were able to sunset legacy AV, sunset legacy EDR and consolidate our budget to afford Falcon Insight with Falcon OverWatch,” said Fernicola. “From a productivity and efficiency standpoint, there’s tremendous value in consolidating on the Falcon platform.”

With its modern security stack in place, Anywhere further cements its reputation as a highly innovative company, hellbent on using technology to power and protect its business. “We have the best of the best with CrowdStrike,” concluded Fernicola. “For us, using the Falcon platform along with OverWatch puts us in the 99th percentile for security. As both companies continue to innovate, I look forward to seeing where this great partnership can take us.”