Case study

Cresta Strengthens Security Posture with Tracebit
Cresta, the leading contact center AI platform for human and virtual agents, faced the challenge of securing their rapidly expanding cloud infrastructure whilst enabling their engineering teams to continue to deliver at pace.
Business summary
Highlights
- Low noise: Average 1 Tracebit alert per month
- Rapid setup: 4 hours total to provide full Tracebit coverage across AWS, Okta, GitHub, and Workstations
- Low maintenance: ~2 hours of annual maintenance of the Tracebit Platform
- Offensive security impact: 50% slowdown of a red team engagement

"The Tracebit platform delivered on their promise of low friction and low noise. We were able to quickly and confidently roll out Tracebit!"

Robert Kugler
Head of Security, IT & Compliance
Key Wins
- Rapid deployment across AWS infrastructure via Terraform
- Comprehensive coverage across cloud, workstation, CI/CD and identity
- Reduced time to detect potential security threats, with a low false positive rate
- Red team engagement extended by 3 weeks due to psychological impact of Tracebit
- Integration into the Panther SIEM meant no changes to workflows, and no conflicts with the existing deployed CSPM solution
The Challenge
The idea of deploying security canaries was flagged to Cresta by a security partner who suggested it could be a lightweight, non-intrusive ‘quick win’ way to level up their detective abilities.
Like most security teams at fast-growing startups, the Cresta team had many important security initiatives. A demo of the Tracebit platform left the security team with the impression that it could rapidly expand their detection capabilities whilst producing minimal noise and requiring minimal maintenance.
With a large AWS organization, numerous GitHub repositories, and a rapidly expanding workforce, Cresta needed a solution that would:
- Produce highly actionable alerts in the event of an incident
- Trigger no or a low number of false positives
- Not impact the velocity of engineering or other team members
- Allow for maintenance with minimal overhead
The Solution
Deployment
Cresta chose Tracebit for its comprehensive ability to deploy canaries at scale. The implementation included:
- Deployment of Tracebit Canary Infrastructure into AWS
- Integration of Canary Credentials into GitHub workflows for source code protection
- Deployment of Canary Credentials onto Workstations
- Installation of Tracebit Okta Canary Applications
The total engineering hours spent on deployment amounted to 4 hours, with no impact on existing operations. Tracebit's infrastructure-as-code approach allowed for rapid scaling across all AWS accounts seamlessly. As canary updates are automated, the occasional maintenance (at most monthly) amounts to reviewing and approving Tracebit recommendations.
Low volume, highly actionable alerts
All Tracebit alerts are trivial to reason about: a canary has been interacted with. This, coupled with the low volume produced, has meant that the team has built confidence in prioritizing these alerts when they trigger.
“The low volume of alerts from Tracebit means that we really do prioritize them; we actually upgrade every Tracebit High to a Critical in Panther. The richness of the alerts and the integration with Panther has meant that investigations are always rapid and intuitive for us.”
Security Engineer, Brooks Beverstock, Cresta
Extended Red Team Engagement
One notable impact came during a planned red team assessment. Wishing to test the psychological impact of deceptive practices on the red team, Cresta informed them of the use of Tracebit. This led to the red team doubling the length of their engagement:
"I'm surprised that people don't use canaries more often. I think they're very effective."
Chief, Thai Duong, Calif (Red Team)
Looking Forward
“Working with the Tracebit team has been an amazing experience - especially how responsive they are and how quickly they implement new features. We’re used to vendors taking days or more for a response to feedback; we’ve seen Tracebit ship a few new features hours after sharing feedback!”
Security Engineer, Brooks Beverstock, Cresta
With Tracebit successfully deployed, Cresta shares the vision of canaries as a valuable way to proactively address cybersecurity issues. Cresta is excited to partner with Tracebit on the further breadth that they’re bringing to canaries, deeper into cloud infrastructure and across the corporate IT landscape.