Cedar Scales Security and Gains Better Visibility with Panther

Cedar is revolutionizing healthcare technology and the patient experience. Cedar combines healthcare, tech, and design to create a seamless financial experience for every patient. Cedar serves more than 10 million patients per year and works with 33 client partners around the United States.

Cedar collects, processes, and stores healthcare and financial information for its customers and partners. The Cedar security team needed to unify data, enhance security monitoring, accelerate business decision-making, and document activities to meet strict compliance mandates.

The Challenge

Too much data from too many places

Cedar’s security team relied on a combination of traditional SIEM solutions and open-source software to monitor its services, applications, and security controls. However, these failed to support the volume of log data generated from disparate cloud sources and were unable to map back to Cedar’s unique business needs for security, leading to poor performance and incomplete visibility. 

Inability to scale with business

As Cedar rapidly grew and evolved, it adopted many new applications and cloud services. Across the organization, Google Workspace (formerly GSuite) became a key collaboration tool, but each team used it differently. This added IT complexity raised the risk of data breaches and noncompliance.

Scattered storage and diverse data formats

Cedar lacked a centralized source of cloud data, increasing the costs associated with monitoring security and responding to audit requests. The team sought a solution to future-proof its security program that could standardize data formats and act as a single source of record for investigations.

The Solution: Detections-as-Code 

Gaining real-time visibility into security risk changes

Cedar leverages Panther Data Models to create universal detections that apply across multiple log types to generate custom logs. Cedar configured its AWS CloudTrail to send data to Panther, established an alerting threshold, and pushed alerts to its Slack channel for faster review.

Leveraging Infrastructure-as-code to scale security 

Cedar deployed Panther as Infrastructure-as-Code (IaC) to build its logging infrastructure while also reducing the overhead associated with collecting new data from its cloud. By using serverless services like SQS, S3, and Lambda, Cedar’s security team can ingest and unify new data across multiple cloud accounts and regions.

Creating a security alerting prioritization process

By using Panther to build alerts with Python, Cedar’s team created a repeatable and easy-to-maintain process that enabled consistency across divergent cloud resources. When the security team creates a new detection, a branch is pushed to the repository in source control and a pull request is opened. When the pull request is merged, Cedar’s new detections are automatically pushed to Panther for consistent and reliable deployments.

Applying CI/CD to security and compliance 

Using Panther, Cedar can easily build new rules that allow them to continuously iterate their security program. The Panther platform enables Cedar to easily integrate detection management into its CI/CD pipeline for an automated, hands-off approach to deploying new alerts. 

Enhancing controls with detection-as-code

Cedar’s team customizes alerts, sets baseline behaviors, and utilizes popular security libraries for enhanced monitoring, detection, and response. The team now manages all of their detections as code in a GitHub repository and uses source control to conduct code review and versioning. Because all of their alert logic is written in Python, the Cedar team can quickly understand the alerts generated, providing better visibility into patterns and greater control over alerting.  
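As an added example (not Cedar's or Panther's own code) of the two points above, universal detections built on Data Models and alert logic written in Python: one rule in Panther's rule()/title() style runs unchanged over constructed CloudTrail and Google Workspace events. The UnifiedEvent shim stands in for Panther's event object, and the DATA_MODELS field mappings are assumptions used in place of Panther's YAML data models.

```python
from typing import Any, Callable, Dict
# Assumed data-model mappings (not Panther's own YAML models): a unified field
# name -> extractor for each raw log format. Raw field names are constructed.
def _ct_type(e: dict) -> str:
    failed = e.get("responseElements", {}).get("ConsoleLogin") == "Failure"
    return "failed_login" if e.get("eventName") == "ConsoleLogin" and failed else "other"

DATA_MODELS: Dict[str, Dict[str, Callable[[dict], Any]]] = {
    "AWS.CloudTrail": {
        "actor_user": lambda e: e.get("userIdentity", {}).get("userName"),
        "event_type": _ct_type,
        "source_ip": lambda e: e.get("sourceIPAddress"),
    },
    "GSuite.ActivityEvent": {
        "actor_user": lambda e: e.get("actor", {}).get("email"),
        "event_type": lambda e: "failed_login" if e.get("name") == "login_failure" else "other",
        "source_ip": lambda e: e.get("ipAddress"),
    },
}

class UnifiedEvent(dict):
    """Stand-in for Panther's event object: raw fields plus udm() lookups."""
    def __init__(self, log_type: str, raw: dict):
        super().__init__(raw)
        self.log_type = log_type
    def udm(self, field: str) -> Any:
        # Resolve a unified field through the data model for this log type.
        return DATA_MODELS[self.log_type][field](self)

# One rule() covers every log type the data model maps, so the same
# detection fires on CloudTrail and Workspace events alike.
def rule(event: UnifiedEvent) -> bool:
    return event.udm("event_type") == "failed_login"

def title(event: UnifiedEvent) -> str:
    return f"[{event.log_type}] failed login for {event.udm('actor_user')} from {event.udm('source_ip')}"

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    UnifiedEvent("AWS.CloudTrail", {"eventName": "ConsoleLogin", "userIdentity": {"userName": "alice"},
                 "responseElements": {"ConsoleLogin": "Failure"}, "sourceIPAddress": "203.0.113.5"}),
    UnifiedEvent("AWS.CloudTrail", {"eventName": "DescribeInstances", "userIdentity": {"userName": "bob"},
                 "sourceIPAddress": "203.0.113.6"}),
    UnifiedEvent("GSuite.ActivityEvent", {"name": "login_failure", "actor": {"email": "carol@example.com"},
                 "ipAddress": "198.51.100.7"}),
]
def run_rule(events) -> list:
    """Return alert titles for matching events, as Panther would raise them."""
    return [title(e) for e in events if rule(e)]
```

Adding a third log type means adding one mapping to DATA_MODELS; the rule itself does not change, which is what makes the detection reviewable in a single pull request.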

The Results: A Small But Mighty Security Team 

With Panther’s ability to create a unified view of people, processes, and technology, Cedar’s security team created an automated, systematic, repeatable, predictable, and shareable approach to security that improves their overall security posture.

Challenges

  • Disparate data storage created a lack of centralized visibility
  • Inconsistent data formatting slowed down security response
  • Rapid company growth strained IT and security resources

Results

  • Centralized data ingestion and formatting in Panther using serverless services like SQS, S3, and Lambda
  • Adopted detections-as-code and CI/CD workflows to enhance controls and threat coverage
  • Leveraged data models to create universal detections that alert on security risks across multiple log types
  • Streamlined and prioritized alerts that reduce false positives and analyst fatigue
  • A scalable, future-proofed security program that can grow alongside the team’s needs
