Pegasystems Consolidates Endpoint, Identity and Cloud Security with CrowdStrike
Pegasystems, a global leader in AI-powered decisioning and workflow automation, is a strategic partner for many of the world’s leading brands. The company’s role as an enterprise software provider means it often operates under the radar of the general public — but that doesn’t shield it from cyberattacks.
Upon joining Pegasystems (Pega) in 2019, Director of Corporate Security Operations Steve Tieland quickly realized the company’s legacy antivirus solution was missing the mark. Its impact on developer productivity was one obvious problem.
“Our previous antivirus solution was really impacting developers and build times,” he recalled. “This was untenable, given the high demands on our software teams.”
Beyond performance issues, the company sought modern endpoint security to protect the company from attack. This led to a comprehensive search for a solution that could offer both superior protection and a frictionless experience for end users.
Pega switched to CrowdStrike to safeguard its infrastructure from ever-evolving cyber threats. This story explores how Pega implemented CrowdStrike and consolidated its endpoint, identity and cloud security for complete visibility and protection.
Deploying the Falcon Platform
After evaluating several cybersecurity vendors, Pega conducted a proof of concept (POC) to determine which solution would offer the best protection with minimal interference. The AI-native CrowdStrike Falcon® cybersecurity platform quickly emerged as the clear choice, impressing both the technical team and end users.
During the POC, CrowdStrike Falcon® Insight XDR for endpoint detection and response (EDR) outperformed competitors in malware detection as well, capturing 100% of the samples tested, while the competition detected only 75% (despite providing the samples). The superior detection rates, coupled with Falcon’s lightweight sensor, made the decision easy.
Within just six weeks, Pega deployed the Falcon platform to 5,000 endpoints and 6,000 servers. The rollout was fast, smooth and entirely managed internally by Pega’s team, demonstrating the ease of deployment and immediate impact of CrowdStrike’s solutions.
From EDR to Identity Protection
Pega started with CrowdStrike EDR managed by CrowdStrike Falcon® Complete Next-Gen MDR. Falcon Complete provided an essential managed detection and response (MDR) service for Pega’s small security team, acting as its first line of defense and enabling 24/7 threat monitoring and response.
Over time, Pega added several other Falcon platform modules, including CrowdStrike Falcon® Spotlight for vulnerability management and CrowdStrike Falcon® Discover for asset visibility. But perhaps the most pivotal addition was CrowdStrike Falcon® Identity Threat Protection to protect its on-premises Active Directory (AD) and Azure cloud identity stores.
“We really wanted identity protection functionality,” said Tieland. “With the ability to detect service accounts, admin accounts and compromised passwords, CrowdStrike gave us instant visibility into our identities and user behavior.”
By integrating CrowdStrike’s identity module, Pega could not only secure privileged accounts but also use behavioral analytics to detect unusual user activity. This became especially important as it worked to protect against multifactor authentication (MFA) fatigue and ensure suspicious activity was swiftly flagged for further action.
Enhancing Cloud Security to Protect AWS
As Pega expanded into corporate cloud environments, the need for comprehensive visibility into its AWS environments grew. In response, the company deployed CrowdStrike Falcon® Cloud Security, which integrated seamlessly with its existing CrowdStrike footprint, providing both agent-based and agentless visibility and protection against cloud breaches.
The initial focus was on protecting Docker containers and Kubernetes clusters. However, Pega soon realized Falcon Cloud Security provided much more. “Our auditors and cyber insurers ask a lot of questions,” said Tieland. “We now have visibility into configuration errors, vulnerabilities and misconfigured roles in AWS so we can answer those questions while getting better protection as well.”
With CrowdStrike, Pega gained detailed insights into vulnerabilities within its cloud environments, from EC2 instances to Docker images. This newfound visibility allowed it to patch vulnerabilities quickly and continuously monitor its AWS infrastructure for potential threats.
Continuous Improvement
Pega’s security strategy is rooted in continuous testing and improvement. Annual penetration tests and purple team exercises have shown marked improvements in the company’s defenses since adopting CrowdStrike. In one early test, five years ago, pen testers given internal access were able to compromise Pega’s Active Directory and gain a golden ticket for access. Adding Falcon Identity Threat Protection ensures such attacks are quickly detected and thwarted.
Pega’s next phase includes a deeper integration of CrowdStrike into its security operations, with plans to test CrowdStrike’s next-gen SIEM solution. By consolidating more third-party data into the Falcon platform, Pega aims to further streamline its security operations and enhance visibility across the enterprise.
Pega’s journey with CrowdStrike is a testament to the power of a unified security platform. Over the past five years, Pega has transformed its security operations, evolving from basic endpoint protection to a comprehensive security posture that spans identity, cloud and threat intelligence — delivering better security, faster.
For Pega, the value of CrowdStrike goes beyond the technology.