Case Study: Ramp accelerates threat hunting and expands security visibility with Scanner

A Scanner Case Study

Preview of the Ramp Case Study

Ramp Increases Security Visibility and Accelerates Threat Hunting with Scanner’s Security Data Lake

Ramp, a financial technology company, faced significant security visibility challenges with its previous log management infrastructure. Using Datadog as a SIEM, they were constrained by high costs and could only retain 15 days of searchable logs. This limitation hindered fraud and security investigations requiring deeper historical data. For longer retention, they archived logs to Amazon S3 and attempted to use AWS Athena for searches, but queries were painfully slow and often timed out after 30 minutes.

By adopting Scanner's security data lake, Ramp implemented a hyper-fast search solution for its logs stored in S3. Scanner enabled them to onboard previously cost-prohibitive, high-volume log sources and retain data for up to a year. Queries that used to take over 30 minutes now complete in under two minutes, drastically accelerating threat hunting and incident response. Scanner also provided critical detection-as-code capabilities, allowing the team to manage rules via CI/CD. This resulted in a massive increase in security visibility and operational efficiency for Ramp.



Ramp

Brandon Ledyard

Detection Engineer

