CASE STUDY:
BEAM SUNTORY _
C O M PA N Y :
Beam Suntory
I N D U S T RY :
Food and beverage
NUMBER OF ENDPOINTS:
4,000
OUTCOME
»» Junior analysts empowered
to handle threats instead
of escalating them to more
senior analysts
»» Improved communication
between the CISO and
C-suite
»» Access to expert security
researchers who can
provide insight on major
security incidents
EXECUTIVE SUMMARY
The new global CISO at Beam Suntory, a premium spirits company that owns more than 42
brands across the world (including Jim Beam and Maker’s Mark), reviewed the company’s
security stack to determine which tools provided the most value. Only tools with clear benefits
would be retained.
Cybereason’s detection capabilities and how the tool presents a complete attack story impressed
the CISO, who considered other endpoint detection and response (EDR) products. He also found
the insight that Cybereason’s researchers provided during major security incidents incredibly
helpful. Of the eight security tools that the CISO inherited, he only kept Cybereason and a
network security product.
THE CHALLENGE
As part of a 90-day security tool evaluation, Beam Suntory global CISO Justin Metallo and his
security team reviewed the eight tools the company used. All tools were pitted against their
competitors. Cybereason, which faced off against Carbon Black and CrowdStrike, eclipsed both in
threat detection, said Metallo, who placed Cybereason’s capabilities in “the upper right quadrant,”
to use Gartner Magic Quadrant parlance.
“When we compared [Cybereason] to its peers in the endpoint detection space, it was far away the
best product that I’ve ever seen,” Metallo said.
Metallo also praised how Cybereason uses a malop to present analysts with a complete attack
story instead of requiring them to manually query endpoint data. The malop provides extensive
information about a malicious incident, including the penetration vector, what machines were
comprised and if the attackers moved to other machines.
“The great storytelling around the malop is a unique value proposition. It’s not just an alert
[saying] ‘I see something on this box, it’s up to you create the story,’” he said. Instead, Cybereason
generates a full attack story by automatically collecting endpoint data and using an in-memory
graph to correlate this data and detect malicious activity.
THE OUTCOME
Metallo got to know Cybereason a few months after joining Beam Suntory, which had deployed Cybereason on approximately 4,000
endpoints. When Metallo looked into how his security team used the tool, he found that it quickly empowered the company’s junior
analysts. Instead of escalating threats to more senior members of Beam Suntory’s security team, Cybereason allowed junior analysts
to take immediate action by providing them with an end-to-end view of an entire attack.

“My level two analysts can take care of the stuff that normally would be escalated to level three analysts,” Metallo said.

He discovered that how Cybereason visualizes an incident improved Beam Suntory’s remediation process, which required the
security team to work with the IT team. Instead of security analysts telling their IT colleagues that a machine was infected with a virus,
Cybereason allowed Metallo’s team to give them more information about the incident. The security team now sends a screenshot of the
malop, which depicts the full attack story using icons of computers, server and gears.

“That’s helpful when the team can [give them a] screenshot and say, ‘This is what’s wrong. We need help here,’” Metallo said.

Cybereason’s visualization capabilities also helped Metallo better communicate security incidents to his C-suite peers. While he
understands information security, other Beam Suntory executives may not. Instead of doing “a lot of extra work to make the visuals
and tell the story,” Metallo places a malop screenshot into the presentations he gives to executives, allowing them to see how the
incident impacted Beam Suntory.

“I don’t have to keep telling them that you have a virus on your machine because they don’t know what that means,” he said.

But Cybereason’s technology isn’t the only thing Metallo turns to to keep Beam Suntory safe. He looks to Cybereason’s “world-
renowned researchers” to provide their expertise when an incident occurs. Cybereason’s researchers helped Metallo convey the
seriousness of the NotPetya attack, which cost companies billions in quarterly and yearly revenue, to Beam Suntory’s executives. The
executives didn’t understand NotPetya’s technical details, but they grasped its severity - and wanted to help - after Metallo showed
them a video of the Cybereason researcher who developed a NotPetya vaccine discussing the threat on CNN.

“We’re talking to people who watched these [incidents] occur and have the insight to stop them. As a customer, I can reach out to those
folks and say ‘Can you please help me?’ And they do, and do a fantastic job,” he said.

“When we compared [Cybereason] to its peers in the endpoint

detection space, it was far away the best product that I’ve

ever seen.”

J U S T I N M E TA L LO
CISO
B E A M S U N T O RY