Customer Stories

Scribd Migrates to the Cloud with Panther

Real-time visibility into AWS cloud infrastructure allows Scribd to move confidently into the cloud


  • Rapidly expanding cloud infrastructure
  • Long-term retention and analysis for large volumes of security data
  • Ensuring consistent configurations across AWS infrastructure


  • Real-time event and infrastructure monitoring
  • Cloud data storage and granular, customized alerts
  • Out-of-the-box detections for identifying AWS misconfigurations


  • Security visibility across 20+ AWS accounts
  • Increased productivity with high fidelity customized alerts
  • Faster infrastructure creation with fewer misconfigurations

About Scribd

Scribd is an ebook and audiobook subscription service with one million titles and 60 million documents. In 2020, Scribd migrated its entire infrastructure from a legacy data center to Amazon Web Services (AWS).

Scribd needs to collect, process, and analyze AWS data, SaaS application logs, and more to ensure security for its employees and more than 80 million users.

“Panther has proved incredibly easy for our security team to roll out to a multi-account enterprise environment, and we’re confident we have a scalable security architecture for the future.”

– Joy Sakai, Director of Core Infrastructure and Security, Scribd

The Challenge

As part of its cloud migration strategy, Scribd needed to ensure that no cross connections existed between the development and production environment systems accounts. The company used AWS universal event logging for all resources and established highly granular permissions settings. However, for full visibility, Scribd needed to optimize native AWS CloudTrail, AWS IAM, and the Instance Metadata Service (IMDS) event logging and permissions settings.

Visibility Issues Limited Scalability

As Scribd expanded its infrastructure, managing event logging in the AWS supplied tools became time-consuming and burdensome. Moreover, Scribd soon found that the native tools failed to provide the level of visibility they needed.

Lost Productivity from Poor Alert Quality

While Scribd was able to set granular controls to secure its AWS environment, alerting within the native tools lacked the context necessary to prioritize alerts. Additionally, AWS tools lacked the ability to customize alerts, leaving Scribd unable to extend the IAM permission granularity to other types of rules and policies. This meant security staff wasted valuable time investigating false positives.

The Solution

Flexible, Extensible Cloud Security

Scribd adopted Panther to extend the value of native AWS cloud security tools for a more robust cybersecurity posture

Customization for High Fidelity Alerts

Using Panther’s Python-based rule customization capability, Scribd created highly granular alerts aligned with similarly granular IAM permissions. Panther empowered Scribd’s security because anyone who could read basic Python and understand AWS terminology was able to make new rules and policies. Additionally, Scribd stored all customized rules and policies in their version repository so that they could batch upload them to the system.

Out-of-the-Box Rules and Templates for Increased Productivity

Scribd leveraged Panther’s built-in rules and policies to accelerate their cybersecurity maturity, including real-time alerts like “EC2 Network Gateway Modified,” “EC2 Route Table Modified,” and “AWS VPC Default Security Group Restricts All Traffic.” Since Panther built its infrastructure on CloudFormation templates and Lambdas, Scribd was able to translate minimal IAM-related templates in Terraform to set custom IAM role names that enabled certain cross-account access.

Live Streaming Data with Detection-as-Code for Better Mean Time to Detect (MTTD)

Using Panther, Scribd gained real-time detection capabilities. With Panther’s ability to parse, normalize, and apply detection filters to data streams, Scribd reduced their mean time to detect (MTTD). Instead of collecting all data in a centralized database first then running queries against the information, Scribd used Python code to apply detections as Panther ingested data. By leveraging detection-as-code to eliminate the alerting delays that come with traditional solutions, Scribd created an agile, responsive monitoring program to strengthen their incident detection and response capabilities.

Request a demo today

Name Scribd
Industry Online Media
Year 2007
Location San Francisco, CA
Company Size 251-500
Service Scribd is an unlimited reading subscription that offers access to books, audiobooks, magazine articles, documents and more.

Run Panther

Learn how to secure your cloud, network, applications, and endpoints with Panther.

Request a Demo


Related Resources

Blog Post

5 Benefits of Detection-as-Code

Read more