Qlik selects Expel for 24x7 monitoring for Qlik Sense
Finding an MDR that “speaks cloud” was a priority
The company
Qlik’s vision is a data-literate world, one where everyone can use data to improve decision making and solve their most challenging problems. The company offers end-to-end, real-time data integration and analytics solutions that help organizations access and transform all their data into value. Qlik helps companies lead with data to see more deeply into customer behavior, reinvent business processes, discover new revenue streams and balance risk and reward. Qlik does business in more than 100 countries and serves over 50,000 customers around the world.
The situation
Jeremy Stinson, Principal Architect at Qlik, was starting to plan for building out the company’s latest SaaS solutions, Qlik Sense Business and Qlik Sense Enterprise on Cloud Services. He knew Qlik needed to find a 24/7 managed detection and response provider who could “speak cloud.”
Evaluating options
When Stinson set out to find a managed security vendor, he started by contacting many of the legacy MSSP and MDR providers. “I talked to all the vendors you’d expect,” he said, “including the MSSP that another part of our organization was already working with.”
However, when Stinson started talking with the vendors about their cloud capabilities — asking questions about managing Kubernetes and containers and IAM users — he quickly learned that most of the vendors had very little experience with protecting cloud-native workloads and applications.
“When I started asking for examples of cloud use cases, I was met with blank stares,” he recalled. “If vendors have worked with cloud before, then they should have plenty of use cases to share with you. They should be able to give you examples of what they’re monitoring and how they respond to various alerts, both that they generate and ones that AWS generates. This is a great way to dig in and understand whether a potential vendor is actually capable of (and good at) what you’re asking them to do, or if ‘cloud’ is something on a future roadmap.”
Stinson was particularly interested in vendors’ knowledge of Kubernetes, an open-source container orchestration system that automates application deployment and management. “Our SaaS solutions are built on Kubernetes, and when I shared that fact with one vendor we were evaluating, his response was, ‘Kubu-who?’ That conversation didn’t last very long,” Stinson recalled.
In addition to testing a vendor’s cloud knowledge, Stinson and his team carefully evaluated whether a vendor’s product would work seamlessly within their current processes. “When we consider adopting any new tech, we need to be confident that it’ll fit into our stack. Does it have an API? Is there anything we can automate? We look for vendors that can plug into the way we do things here at Qlik,” he said.
How Expel helped
After engaging with several vendors that weren’t a good fit, Stinson and his team sat down with Expel.
“The best part about our conversation with Expel was that they showed us exactly what they were monitoring today from a cloud security standpoint, and what they could get up and running immediately,” recalled Stinson. “Expel was already using Kubernetes — the team knew how it worked and how to secure it. So it was very easy for me to say, ‘Okay, these are the guys we’re going to partner with because they understand exactly where we are today in our security journey.’ It was an easy decision.”
Once Qlik selected Expel, Expel’s analysts quickly integrated Qlik’s existing security tech into Expel Workbench™ and turned on the service.
Benefits
The benefits of working with Expel became apparent to Stinson and his team shortly after they turned on the service.
“I have a traditional SOC background — I’ve spent lots of time tuning out false positives, creating rules, writing regular expressions and writing scripts,” said Dzingai Zivuku, senior security engineer at Qlik. “By the second or third meeting with the Expel team, I realized that I wasn’t having to do any tuning work because they were doing it for me. This gave me the opportunity to focus on more of the actual security work I need to do. That was a huge win for our team.”
The Expel team also helped Qlik integrate new security tech. Recently, Expel added the Signal Sciences WAF to Qlik’s list of security tools. “As we were onboarding the new tech to Expel Workbench, the Expel analysts wrote rules and placed them into our production system, which helped us get certain signatures that we didn’t even know we should have in our production system,” said Stinson. Additionally, Stinson and his team run regular penetration tests to test the security of their platform and Expel’s response.
“This was a great opportunity for us to show that our controls and tools actually work,” said Stinson. “And the best part was that we had zero data loss during the simulation.”
Benefits of partnering with Expel
- Rapid detection and response to threats
- Clear communication between teams
- Quick, easy onboarding
Looking ahead
As Qlik expands its product offerings, the company’s focus is on scaling both its products and its security in the near future. “We’re working on several new offerings, and predicting that these will add lots of new users each week. This increase in customers will come with more responsibility for the security team — we’ll be maintaining more services, data and keeping it secure.”
“We consider Expel to be one of our true partners. We’ve had nothing but very, very positive experiences — and we can’t say the same for every other vendor we work with. We’ve been so happy with the service, in fact, a different division of our company recently dropped their MSSP and started working with Expel.”