
Cedar Scales Security and Gains Better Visibility with Panther

A modern approach to security operations leveraging detections-as-code.

About The Company

Cedar is revolutionizing healthcare technology & patient experience. Cedar combines healthcare, tech, and design to create a seamless financial experience for every patient. Cedar serves more than 10 million patients per year and works with 33 client partners around the United States. 

Cedar collects, processes, and stores healthcare and financial information for its customers and partners. The Cedar security team needed to unify data, enhance security monitoring, accelerate business decision-making, and document activities to meet strict compliance mandates.

“Panther has made it easier to test, maintain, and collaborate across our teams. By adopting Python for detections and code-driven workflows for detection management, our team has been able to build better rapport with the product engineering squads who use the same tools and processes – now, our security team uses the same GitHub repo, code editor, continuous integration and testing tools as other teams.”

– Aaron Zollman, CISO, Cedar

The Challenge

Too much data from too many places

Cedar’s security team relied on a combination of traditional SIEM solutions and open-source software to monitor its services, applications, and security controls. However, these failed to support the volume of log data generated from disparate cloud sources and were unable to map back to Cedar’s unique business needs for security, leading to poor performance and incomplete visibility. 

Inability to scale with business

As Cedar rapidly grew and evolved, it adopted many new applications and cloud services. Across the organization Google Workspace (formerly GSuite) became a key collaboration tool, but each team used it differently. The increased IT complexity increased the risk of data breaches and noncompliance.

Scattered storage and diverse data formats

Cedar lacked a centralized source of cloud data, increasing the costs associated with monitoring security and responding to audit requests. The team sought a solution to future-proof its security program that could standardize data formats and act as a single source of record for investigations.

The Solution: Detections-as-Code 

Gaining real-time visibility into security risk changes

Cedar uses Panther Data Models to write universal detections that apply across multiple log types and generate custom logs. Cedar configured AWS CloudTrail to send data to Panther, set an alerting threshold, and routed alerts to a Slack channel for faster review.

Leveraging Infrastructure-as-code to scale security 

Cedar deployed Panther as Infrastructure-as-Code (IaC) to build its logging infrastructure while also reducing the overhead of collecting new data from its cloud accounts. By using serverless AWS services such as SQS, S3, and Lambda, Cedar’s security team can ingest and unify new data across multiple cloud accounts and regions.

Creating a security alerting prioritization process

By using Panther to build alerts with Python, Cedar’s team created a repeatable and easy-to-maintain process that enables consistency across divergent cloud resources. When the security team creates a new detection, a branch is pushed to the repository and a pull request is opened. When the pull request is merged, Cedar’s new detections are automatically pushed to Panther for consistent and reliable deployments.

Applying CI/CD to security and compliance 

Using Panther, Cedar can easily build new rules that let it continuously iterate on its security program. The Panther platform enables Cedar to integrate detection management into its CI/CD pipeline for an automated, hands-off approach to deploying new alerts.

Enhancing controls with detection-as-code

Cedar’s team customizes alerts, sets baseline behaviors, and uses popular security libraries for enhanced monitoring, detection, and response. The team now manages all of its detections as code in a GitHub repository and uses source control for code review and versioning. Because all of the alert logic is written in Python, the Cedar team can quickly understand the alerts generated, giving it better visibility into patterns and greater control over alerting.
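As an added example (not Cedar’s or Panther’s own code), here is a detection in the shape Panther Python rules take, a rule()/title()/dedup() trio evaluated over one event, together with a small local evaluator that applies an alerting threshold per dedup key, matching the CloudTrail-to-alert flow and the pull-request-driven detection workflow described above. The CloudTrail records are constructed samples, and the threshold of 3 is an assumption.

```python
# Added example, not Cedar's or Panther's code. rule/title/dedup follow the
# function names Panther rules use; evaluate() is a local stand-in for the
# platform's threshold handling. All events below are constructed samples.
import json
from collections import Counter

THRESHOLD = 3  # assumption: alert after 3 matching events per dedup key

def rule(event: dict) -> bool:
    """Match successful AWS console logins that did not use MFA."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    if event.get("responseElements", {}).get("ConsoleLogin") != "Success":
        return False
    return event.get("additionalEventData", {}).get("MFAUsed") == "No"

def title(event: dict) -> str:
    arn = event.get("userIdentity", {}).get("arn", "<unknown>")
    return f"Console login without MFA by {arn}"

def dedup(event: dict) -> str:
    # Group repeated logins by principal so one alert covers them all
    return event.get("userIdentity", {}).get("arn", "<unknown>")

def evaluate(events: list, threshold: int = THRESHOLD) -> dict:
    """Run rule() over events; return {dedup_key: title} for every key
    whose match count reached the threshold."""
    matches, titles = Counter(), {}
    for ev in events:
        if rule(ev):
            key = dedup(ev)
            matches[key] += 1
            titles.setdefault(key, title(ev))
    return {k: titles[k] for k, n in matches.items() if n >= threshold}

def _login(arn: str, mfa_used: str, outcome: str) -> dict:
    # Minimal CloudTrail-shaped record carrying only the fields rule() reads
    return {"eventName": "ConsoleLogin", "userIdentity": {"arn": arn},
            "responseElements": {"ConsoleLogin": outcome},
            "additionalEventData": {"MFAUsed": mfa_used}}

ALICE = "arn:aws:iam::111122223333:user/alice"  # constructed
BOB = "arn:aws:iam::111122223333:user/bob"      # constructed
SAMPLE_EVENTS = [
    _login(ALICE, "No", "Success"), _login(ALICE, "No", "Success"),
    _login(BOB, "No", "Success"),
    _login(ALICE, "Yes", "Success"),  # MFA used: not a match
    _login(ALICE, "No", "Failure"),   # failed login: not a match
    _login(ALICE, "No", "Success"),
    {"eventName": "DescribeInstances", "userIdentity": {"arn": BOB}},
]

if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_EVENTS), indent=2))
```

With the sample data only alice crosses the threshold; bob’s single non-MFA login is counted but does not alert until the threshold is lowered.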

The Results: A Small But Mighty Security Team 

With Panther’s ability to create a unified view of people, processes, and technology, Cedar’s security team created an automated, systematic, repeatable, predictable, and shareable approach to security that improves their overall security posture.

Name: Cedar
Industry: Healthcare
Year: 2016
Location: New York, NY
Company Size: 101-250
Service: Cedar is a patient payment and engagement platform for hospitals, health systems, and medical groups that elevates the patient experience.
Solution: Log Analysis, SIEM, Detection & Response
