Case Study: Major Financial Services Organization achieves fast insider‑threat detection and 3‑month ROI with OpenText ArcSight Intelligence for CrowdStrike

Astonishing POC insight leads to ArcSight Intelligence for CrowdStrike implementation to combat insider threat

A large multinational financial services organization faced an insider‑threat visibility gap despite an advanced MSSP-managed security stack and CrowdStrike endpoints. With thousands of employees generating some 6.6 billion security events per year, manual inspection was unsustainable (one full‑time person checking emails), creating unacceptable risk to sensitive customer data and the company’s reputation.

They ran a 45‑day POC of ArcSight Intelligence for CrowdStrike (SaaS), which ingested 24 million events, flagged over 90,000 deviations and produced a few high‑quality threat leads—exposing USB data copying, dubious applications, suspicious logins and red‑team attacks. The cloud solution required no new agents or extra staff, leveraged existing CrowdStrike data, drove operational efficiencies, delivered full ROI within three months, and materially reduced the organization’s insider‑threat risk.