Case Study: McQueen Solutions achieves data-driven anomaly detection and stronger threat hunting with Elastic

An Elastic Case Study

Preview of the McQueen Solutions Case Study

McQueen Solutions - Customer Case Study

Cyber Security Innovations, represented by Jared McQueen, faced the common SOC challenge of missing malicious activity hidden in high-volume logs when relying on alert-driven tools and costly SIEMs. Analysts were overwhelmed by raw, low-value events and needed a way to uncover threats such as drive-by malware, DNS tunneling, C2 channels and data exfiltration without drowning in noise.

The team shifted to a data-driven approach built on the Elastic Stack, enriching events at ingest (GEOIP, TLD parsing, string length, Shannon entropy) and then using visualizations, averages and a moving standard deviation to surface statistical anomalies. This enrichment made low-value logs actionable, reduced false positives (for example, distinguishing benign CDN patterns from suspicious eej.me domains), and materially improved detection and hunting capability, while also exposing storage and performance tradeoffs that need to be managed.
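The enrichment-then-statistics workflow described above, shown end to end as an added example in plain Python (this is not McQueen Solutions' or Elastic's code, and the DNS query log it runs over is constructed for the example): each query is enriched at ingest with TLD, subdomain length and Shannon entropy, and a record is flagged when a feature exceeds the mean of the preceding `window` records by more than `k` moving standard deviations. The domain splitting assumes a single-label TLD, which is a simplification noted in the code.

```python
"""Ingest-time enrichment of DNS queries plus a moving-window z-score check.

Added example, not the case study's own code: it reproduces the described
approach (TLD parsing, string length, Shannon entropy, moving average and
standard deviation) in plain Python so the mechanics are visible.
"""
import math
from collections import Counter
from statistics import mean, pstdev

# Constructed sample DNS query log (not real traffic). The last entry is the
# kind of long, high-entropy label that DNS tunneling tends to produce.
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.example.com",
    "cdn1.example.net",
    "static.example.net",
    "api.example.org",
    "www.example.com",
    "mail.example.com",
    "cdn2.example.net",
    "3f9a8c1b2e7d4f6a0b9c8d7e6f5a4b3c.example.invalid",
]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; 0.0 for empty or single-symbol strings."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def parse_domain(fqdn: str) -> dict:
    """Split an FQDN into subdomain / registered domain / TLD.

    Simplification (assumption): the TLD is the last label and the registered
    domain is the last two labels. A production pipeline should consult the
    public suffix list so that multi-label suffixes such as 'co.uk' are handled.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    return {
        "tld": labels[-1],
        "registered_domain": ".".join(labels[-2:]),
        "subdomain": ".".join(labels[:-2]),
    }


def enrich(query: str) -> dict:
    """Ingest-time enrichment: derive the fields the hunt will pivot on."""
    parts = parse_domain(query)
    return {
        "query": query,
        **parts,
        "sub_len": len(parts["subdomain"]),
        "sub_entropy": shannon_entropy(parts["subdomain"]),
    }


def flag_anomalies(records, features=("sub_len", "sub_entropy"), window=5, k=2.0):
    """Flag records whose feature exceeds the trailing-window mean by k std devs.

    The baseline is the `window` records immediately before the one being
    scored, so the first `window` records only seed the baseline. Only upward
    deviations are flagged: longer or more random labels are the signal here.
    """
    flagged = []
    for i in range(window, len(records)):
        hits = {}
        for f in features:
            baseline = [r[f] for r in records[i - window:i]]
            mu, sigma = mean(baseline), pstdev(baseline)
            if sigma == 0:
                continue  # flat baseline: a z-score is undefined, skip it
            z = (records[i][f] - mu) / sigma
            if z > k:
                hits[f] = round(z, 2)
        if hits:
            flagged.append({"query": records[i]["query"], "features": hits})
    return flagged


def run_sample():
    """Enrich the constructed log and return the anomalies it yields."""
    return flag_anomalies([enrich(q) for q in SAMPLE_QUERIES])


if __name__ == "__main__":
    for hit in run_sample():
        print(hit)
```

On the constructed log only the final hex-labelled query is flagged, on both length and entropy; the benign `www`/`mail`/`cdn` labels stay within two moving standard deviations of their neighbours. In a real pipeline the enriched fields would be written into the index at ingest and the moving statistics computed per registered domain or per client rather than over one global stream, which is what keeps CDN-style patterns from drowning out the genuinely odd labels.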



McQueen Solutions

Jared McQueen

Principal Systems Engineer


Elastic
