Rapid7
A Rapid7 Case Study
BlackLine, an enterprise provider of real-time accounting and finance automation, faced a security blind spot across a distributed environment of remote users, multiple data centers and satellite offices: they lacked a reliable way to profile normal user behavior or correlate disparate logs, which made detecting lateral movement and investigating incidents slow and manual.
By deploying Rapid7 UserInsight and feeding it LDAP, DNS, VPN, firewall, IDS, antivirus, endpoint and syslog data plus honeypots and honey accounts, BlackLine gained correlated, low-noise alerts and rapid visibility into anomalous activity and stealthy malware. The solution was operational within a week and cut incident investigation time by roughly 85%, while enabling ongoing cloud monitoring and more effective threat detection.
Russ Swift
Manager, Information Security