An Elastic Case Study
Optum’s Enterprise Information Security team, led by Johanna Favole and William Casey, faced a noisy, fast-changing cybersecurity landscape: 140M customers, operations in 130 countries, 250k+ endpoints, 8+ TB of raw logs daily and roughly 7 billion events per day. Existing SIEM and data-lake efforts left them with data silos, unusable logs, overlapping compliance requirements and slow investigative workflows, creating an urgent need for faster, more flexible threat detection and ownership of organizational data.
They built a scalable security big-data platform from open-source components (Elasticsearch/Kibana, Hadoop, Kafka/NiFi) and integrated threat feeds, enrichment sources and strict role-based access controls. The platform delivered investigator-ready, near-real-time search and analytics (hundreds of saved searches and 900+ visualizations), faster threat hunting and incident response, reduced vendor dependence, and a flexible foundation that is being extended to other operations and acquisition scenarios.
Johanna Favole
Data Scientist
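As an added example (written for this page, not code from Optum or Elastic), the sketch below shows the kind of enrichment and access-control stage such a pipeline runs between the message bus and the index: raw events arriving as JSON lines are normalized into flat ECS-style field names, matched against a threat feed, given a risk score, filtered to what a given role is allowed to see, and serialized in the Elasticsearch _bulk request body format. The threat feed, the log lines, the internal network ranges, the field names and the role definitions are all constructed assumptions; unparseable lines are counted rather than silently dropped, so "unusable logs" become a metric instead of a gap.

```python
import ipaddress
import json

# Constructed threat feed (RFC 5737 documentation address and a reserved
# example domain; not real indicators).
THREAT_FEED = {
    "ip": {"203.0.113.45": {"provider": "feed-a", "confidence": 90, "tag": "c2"}},
    "domain": {"login.malicious.example": {"provider": "feed-b", "confidence": 70, "tag": "phishing"}},
}

# Constructed raw events as they might arrive on a Kafka topic: one JSON object
# per line from two producers (web proxy, DNS resolver) plus one broken line.
RAW_EVENTS = [
    '{"src": "10.20.30.40", "dst": "203.0.113.45", "uri": "/gate.php", "sensor": "proxy", "user": "jdoe"}',
    '{"src": "10.20.30.41", "dst": "198.51.100.7", "uri": "/index.html", "sensor": "proxy", "user": "asmith"}',
    '{"client": "10.20.30.40", "qname": "login.malicious.example.", "sensor": "dns"}',
    "not json at all",
]

# Assumed enterprise-internal ranges; feeds only carry external indicators.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed role-based views: which data sets a role may query and which
# fields are redacted before a document is returned to that role.
ROLES = {
    "tier1": {"datasets": {"proxy", "dns"}, "redact": {"user.name"}},
    "hunter": {"datasets": {"proxy", "dns"}, "redact": set()},
    "dns-admin": {"datasets": {"dns"}, "redact": {"user.name"}},
}


def normalize(raw_line):
    """Parse one raw line into a flat ECS-style document; None if unusable."""
    try:
        raw = json.loads(raw_line)
    except json.JSONDecodeError:
        return None
    if raw.get("sensor") == "proxy":
        return {"event.dataset": "proxy", "source.ip": raw["src"], "destination.ip": raw["dst"],
                "url.path": raw["uri"], "user.name": raw["user"]}
    if raw.get("sensor") == "dns":
        # Trailing dot and case are normalized so feed lookups are exact.
        return {"event.dataset": "dns", "source.ip": raw["client"],
                "dns.question.name": raw["qname"].rstrip(".").lower()}
    return None


def is_internal(value):
    """True if value is a well-formed address inside an assumed internal range."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def enrich(doc):
    """Attach threat-feed matches and a risk score to doc (in place) and return it."""
    matches = []
    for field in ("source.ip", "destination.ip"):
        value = doc.get(field)
        if value is None or is_internal(value):
            continue
        hit = THREAT_FEED["ip"].get(value)
        if hit:
            matches.append({"indicator.type": "ipv4-addr", "indicator.value": value,
                            "matched_field": field, **hit})
    qname = doc.get("dns.question.name")
    hit = THREAT_FEED["domain"].get(qname) if qname else None
    if hit:
        matches.append({"indicator.type": "domain-name", "indicator.value": qname,
                        "matched_field": "dns.question.name", **hit})
    doc["threat.enrichments"] = matches
    # Risk is the highest confidence among matches; 0 when nothing matched.
    doc["event.risk_score"] = max((m["confidence"] for m in matches), default=0)
    return doc


def view_for_role(doc, role):
    """Copy of doc the role may see, or None if its data set is off-limits."""
    policy = ROLES[role]
    if doc["event.dataset"] not in policy["datasets"]:
        return None
    return {k: v for k, v in doc.items() if k not in policy["redact"]}


def to_bulk_ndjson(docs, index):
    """Serialize documents as an Elasticsearch _bulk request body (action line + source line)."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc, sort_keys=True))
    return "\n".join(lines) + "\n"


def run_pipeline(raw_lines=RAW_EVENTS):
    """Normalize and enrich a batch; return (documents, count of rejected lines)."""
    docs, rejected = [], 0
    for line in raw_lines:
        doc = normalize(line)
        if doc is None:
            rejected += 1
            continue
        docs.append(enrich(doc))
    return docs, rejected


if __name__ == "__main__":
    documents, bad = run_pipeline()
    print(f"{len(documents)} documents indexed, {bad} line(s) rejected")
    print(to_bulk_ndjson(documents, "logs-security-enriched"), end="")
```

Run as-is, the script indexes three documents and rejects one line; the proxy connection to the feed-listed address scores 90, the DNS query for the feed-listed domain scores 70, and the benign proxy request scores 0. The role filter is applied at read time here for clarity; in a real deployment the same policy would be expressed as index privileges and field-level security in the cluster rather than in application code.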