Global real estate investment firm chooses Expel for 24x7 security monitoring

Ivanhoé Cambridge shrinks alert-to-fix time to minutes and saves $150K by optimizing security signal

The company

Ivanhoé Cambridge is a global real estate investment firm owned by a large pension fund in Quebec. It develops and invests in high-quality real estate properties, projects and companies that shape the urban fabric of cities around the world. The company manages approximately $60 billion in real estate assets for the pension fund, including office buildings and shopping malls.

Every provider makes big claims but they can’t back them up. With Expel, I have access to Expel Workbench™ and can log in any time I want to see what analysts are working on, how they’re handling a particular alert and what’s in the queue.”

⎯Patrick Gilbert | Head of security and Senior IT Security Manager

The situation

Head of security and Senior IT Security Manager, Patrick Gilbert, manages a team of analysts at Ivanhoé Cambridge. His analysts are responsible for managing the company’s high volume of security alerts. He described the process of ingesting and reviewing alerts as “gruesome.” Worried about potential team turnover, he started to look for solutions that could improve their approach.

“Most of the alerts that surfaced required the team to investigate after regular business hours,” Patrick said. “I was worried about alert fatigue with my team, which was a major motivating factor in our decision to find a SOC-as-a-service provider.”

Patrick also wanted to free up his team to focus on more strategic security initiatives that were unique to Ivanhoé’s business, like creating an insider risk management model.

Evaluating options

There were several attributes Patrick was looking for in a security partner: he wanted a service that could easily integrate with his existing tech stack, demonstrate value to both him and to his fellow executives and do all of that while automating the response to millions of alerts.

He and his team evaluated multiple managed detection and response (MDR) providers, and quickly discovered that Expel was the only tech-agnostic provider that could work with more than 50 different security tools and cloud services. He was shocked to find that other vendors all required a rip and replace of his endpoint and network security tools.

Expel’s transparency immediately piqued his interest, which was helpful not only for Patrick’s team but also for communicating Expel’s value to fellow executives and the company’s board of directors.

“Every provider makes big claims but they can’t back them up. With Expel, I have access to Expel Workbench™ and can log in any time I want to see what analysts are working on, how they’re handling a particular alert and what’s in the queue,” he said. “I also keep our shared Slack channel up on one of my computer monitors at all times. It’s easy for me to ping the Expel team and get updates from them.”

Beyond the ability to watch an investigation unfold as it happens, Patrick saw value in being able to easily export information about Expel’s investigations and present those insights to other executives and the board of directors.

“My peers at the executive level and our board of directors aren’t solely focused on security, so the easy-to-understand reports in Expel Workbench help me clearly tell the story and show the continuous value we get from working with Expel,” he said.

Expel helped us optimize our security signal, which saved us about $150,000 a year. Now we’re using that money to accelerate several other strategic security initiatives.”

⎯Patrick Gilbert | Head of security and Senior IT Security Manager

How Expel helped

Expel turned on its 24×7 monitoring service quickly for Ivanhoé Cambridge, connecting to tech like endpoint detection and response (EDR), network and SIEM tools, along with cloud platforms and SaaS apps like Amazon Web Services (AWS), Microsoft Azure and Office 365.

Patrick recalls the process being “painless.”

“Expel’s pricing model is so straightforward that I knew exactly what the service would cost me once we got all our tech connected,” said Patrick.

“It was also incredibly helpful for me to see Expel’s roadmap before we purchased the service; knowing what integrations they’re building and what will be available in the future helps me make decisions about the new tech I decide to purchase.”

Patrick and his team quickly noticed the benefits of working with Expel – cost savings, automation that saved his team time, rapid communication and a strong partnership between the Expel team and his own.

Looking ahead

Patrick predicts that Expel’s approach could set an industry standard.

“Expel’s model is basically the next big thing, but the industry doesn’t know it yet. In-house cybersecurity is still a buzzword because the techies still love it and love to do it themselves. But the novelty is going to fade,” he remarked.

“Think about home alarm systems now – nobody tries to build their own. They pay a provider to come in and install their technology. If something bad happens, the owner is notified. We’re going to see the same shift in cybersecurity,” Patrick concluded.