Flashpoint: Illuminates customers’ security threats with 98% less development time

About Flashpoint

Trusted by governments and the Fortune 500, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps and vendor risk management teams—rely on Flashpoint's intelligence platform to proactively identify and mitigate risk and stay ahead of the evolving threat landscape.

Industries: Technology
Location: United States
Products: Google Cloud, Looker

Tell us your challenge. We're here to help.

Contact us

By leveraging Looker’s embedded analytics platform, Flashpoint gives customers real-time insights into security threats with custom dashboards that take 98% less time to create. The dashboards help customers identify, stop, and proactively respond to threats.

Google Cloud results

  • Speeds the development of customer-facing dashboards by 98%
  • Improves customer experience with embedded analytics that provide faster, more detailed insights
  • Supports value-added features such as data-driven workflows and customer alerts
  • Drives Flashpoint’s efficiency, simplifies its growth, and boosts its agility

Since its founding in 2010, New York City–based Flashpoint has provided organizations with customized, actionable insights about threat actor activity, security breaches, IT vulnerabilities, fraud, and other security threats. The company does this by collecting, analyzing, and delivering petabytes of data from illicit communities on the internet—including user forums and the dark web—to provide visibility and analysis on threat actor activity that is relevant to customers’ security needs. For example, organizations engage Flashpoint to track ransomware activity in their industry and the threat actors' tactics. Companies also have Flashpoint scan chat rooms and other sites to see if threat actors accessed and posted their private data, such as user IDs and passwords, credit card numbers, intellectual property, and facility access codes.

The speed of security intelligence delivery is especially critical because insights help prevent and mitigate data breaches and their consequences. However, the combination of increasing threats, exponential data growth, and workflow complexity make it difficult to quickly deliver actionable information. Additionally, Flashpoint's customers need critical security intelligence that is easy for people with various levels of technical skills to access, understand, and act upon. To provide customized, scalable, and easy-to-understand insights for its customers faster, Flashpoint deployed Looker, Google Cloud’s business intelligence and data application platform.

Flashpoint uses Looker to analyze threat data and create custom reports and dashboards that deliver more useful, up-to-date insights to cyber threat intelligence (CTI) staff, business teams, and executives at both customer companies and Flashpoint. With Looker, Flashpoint can also help organizations proactively mitigate security threats, which change daily, by developing additional embedded analytics products and new workflow integrations. They include triggering automated threat responses by customers’ systems by using Looker insights and alerts.

Bringing threats into the light

Every day, Flashpoint creates customized security intelligence for global organizations. “Originally, our goal was to share as much data as possible with our customers, which their analysts would then have to interpret. However, that method of delivering data no longer meets customers' needs and expectations, because of the volume of important data and the difficulty for organizations to hire good analysts who can tap into the value of the data,” explains Donald Saelinger, President at Flashpoint. “Increasingly, our differentiator is that we can use intuitive and easily digestible dashboards and insights to analyze the data and help customers answer, ‘So what?’ so that they can take action.”

As the amount of threat data continued to increase, Flashpoint's data analysts required more time to manually create concise and customized reports and dashboards for individual customers. Every month, Flashpoint collects 2–10 terabytes of new data from the internet about security threats such as information breaches, organizations' administrative passwords, and tips about exploitable software vulnerabilities. Because Flashpoint analyzes the new threat data in the context of petabytes of historic data, creating a new report could take several days or even weeks and a new dashboard could take weeks or months.

Flashpoint's internal, multistep workflows also hindered delivery times. Customer success teams worked with clients to understand the questions they had and the information they needed. Flashpoint's customer success teams then relayed this feedback to co-workers. Data analysts used the information to collaborate with developers to create required data pipelines. Analysts then manually built reports and dashboards for the clients with React JavaScript and spreadsheets.

To meet its complex data visualization, embedded analytics, and workflow requirements in a way that was more efficient for its employees and customers, Flashpoint considered making its own solution. However, Peter Partyka, Vice President of Engineering at Flashpoint, says, “When we looked at potential turnaround timelines, it made more sense to purchase a ready-to-go product. It would have taken far longer for us to build the analytics, visualization, and workflow components that could support customer-facing insights and meet our own requirements.”

One solution that’s fast, flexible, scalable, and customizable

Flashpoint evaluated Looker as well as standalone visualization and embedded-analytics tools. Ultimately, the company selected Looker because it provides the greatest flexibility and options for delivering customized reports and data experiences to customers. In tests, Looker also delivered the best performance and scalability.

The modern architecture and cloud deployment options in Looker give Flashpoint greater choice and agility in adapting to changing requirements. And the tool's streamlined architecture simplifies and accelerates data access and pipeline maintenance. Partyka explains, “Unlike other products we looked at, Looker directly connects to our data stores and it can process large sums of data.”

By choosing Looker, Flashpoint would also increase the ROI of existing investments. “There are some very clear technical wins that Looker had over competitive options, which just made it a no-brainer for us,” says Partyka. “For example, we already use Google Cloud extensively, including BigQuery, Dataflow, Cloud Bigtable, and Cloud SQL, and Looker seamlessly plugs into the Google ecosystem."

“In less than six hours, we detected the breach, verified it was real, identified the threat actor, and created a Looker dashboard that shared required insights… Without Looker, it would have taken a month or more to create a similar dashboard."

Peter Partyka, Vice President of Engineering, Flashpoint

Developing custom insights up to 98% faster

Now that Flashpoint’s engineering and data analytics teams use Looker, they no longer have to spend days or weeks manually developing custom insights. Instead, they can provide customers with real-time reports and dashboards 98% faster, in just a few hours. Customers access their insights from their profile on Flashpoint’s website.

"Compared with our previous visualizations, which were not particularly user-friendly or explorable, the dashboards we provide with Looker are highly intuitive and digestible," says Saelinger. "Our customers' analysts—but also their chief security officers and other executives—can see and drill down into relevant threat insights and understand what the data means for their organizations. And by marrying important threat information with the relevance behind that data, we help them take action against current and emerging threats faster than they could before."

Giving an example of how they’ve sped development and improved threat insights with Looker, Partyka explains that several months ago, some customers were affected by a third-party security breach. “In less than six hours, we detected the breach, verified it was real, identified the threat actor, and created a Looker dashboard that shared required insights with impacted customers. That timeframe included managing all the data access controls and compliance checks. Without Looker, it would have taken a month or more to create a similar dashboard. Our analysts would have been working into the wee hours, and by then the information wouldn’t have been as helpful to our customers.”

In just a few weeks’ time, Flashpoint also used Looker to build a credit card fraud dashboard to help financial services customers understand the scope and severity of threat exposures for its clients. “From a developer perspective, Looker really speeds up turnaround times and enables us to deliver better visualizations, which gives customers more value,” says Partyka. "For example, we track over $80 billion in potential fraud loss across many issuers and bins. Our credit card fraud dashboard allows our customers to drill into specific breaches and determine which cards to deactivate in order to prevent loss. Developing this type of visualization with our previous BI solution would have taken at least three months."

A few days of work yield better results than months of effort

Flashpoint is also using Looker to provide customers' CTI teams with greater insights into global ransomware. The previous ransomware dashboard that Flashpoint offered had taken developers and data analysts months to build, and data was static. Updates required days or weeks of effort by Flashpoint's engineers and analysts, which made the new insights somewhat obsolete.

“With Looker, in less than a week, one of our analysts created a new ransomware dashboard that’s much more intuitive than the previous one—and the information is up to date,” Partyka explains.

Additionally, the new ransomware dashboard delivers useful insights not only for security experts but also for chief risk officers, chief security officers, and other business leaders. “Executives now use the dashboard to see what their industry risk is, what their regional risk is, and what their organization’s risk is across a number of variables,” says Saelinger. “They can also zoom into thousands of data points from across the world and learn more. That level of insight and usability was something we were unable to deliver before.”

“With Looker, we can quickly provide good, real-time data experiences, along with the analytics behind the data, so that our live reports can become a part of our customers’ security apparatus."

Donald Saelinger, President, Flashpoint

Driving growth and customer satisfaction

Providing customers with faster, easier access to intelligence they can trust is helping Flashpoint expand sales and boost client retention. “Threat intelligence is probably the hardest type of platform to really bake into your customer's workflows,” explains Saelinger. “With Looker, we can quickly provide good, real-time data experiences, along with the analytics behind the data, so that our live reports can become a part of our customers’ daily security workflows and apparatus.”

One way that Flashpoint is improving the analytics it delivers is by streamlining its customer support workflows. In the past, when potential or existing clients explained the types of threat insights they needed, sales and customer success teams relayed the information to data analysts, who then had to collaborate with developers to create the requested insights. Today, Flashpoint’s sales and customer success teams can often create the new reports and dashboards customers request. That's because Looker is easy to use, and with it, Flashpoint can grant business teams access to specific datasets that pertain to their customers.

“Looker makes it easy for us to demonstrate our value to customers really, really quickly,” Saelinger says. “We can tell business teams, ‘Here's Looker. Just click these categories and you can make dashboards.’ Having that ability also allows us to scale more effectively. We can service more customers without having to automatically hire more staff.”

Flashpoint is also driving growth by providing its own teams with faster, easier access to insights about its own organization to improve operations and opportunities. C-suite executives and management now take advantage of Looker to gain holistic insights from internal systems including Salesforce, Pendo, and numerous custom applications.

Since Flashpoint has created Looker visualizations to support internal workflows and customer products, it has increased customer engagement and satisfaction. “Our last 90-day trailing Net Promoter Score was over 75, which is an extraordinarily high number in the technology space,” Saelinger reports.

“Every time a threshold is met in a report or dashboard, we can use Looker alerts and the Looker API to automatically kick off a process like issuing a trouble ticket in the customer’s Jira system."

Peter Partyka, Vice President of Engineering, Flashpoint

Using automation and a wider exposure to capture more threats

Flashpoint plans to adopt Looker’s API-first platform to create data-driven workflows that provide customers with real-time alerts and automated threat responses. “Every time a threshold is met in a report or dashboard, we can use Looker alerts and the Looker API to automatically kick off a process like issuing a trouble ticket in the customer’s Jira system,” Partyka says. “This level of automation is massive in terms of lowering customers’ mean time to response, mean time to action, and mean time to remediation.”

Teams are also developing a threat exposure dashboard that includes insights about customers’ profiles on the dark web, such as information about their domains, supply chains, keywords, and credentials. These insights will help customers and enhance how Flashpoint’s customer success teams advise and support their clients.

“We must rapidly evolve our analytics to help customers stay ahead of increasing risks,” says Saelinger. “And we need to deliver information in new ways to support and partner with C-level executives and board members who now think about security and threats more than they ever have before. The only way we're going to meet all these requirements and protect data from threat actors is with analytics that deliver holistic and intuitive insights. I don't think there’s another product that allows us to meet these needs as completely and quickly as Looker does.”

Tell us your challenge. We're here to help.

Contact us

About Flashpoint

Trusted by governments and the Fortune 500, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps and vendor risk management teams—rely on Flashpoint's intelligence platform to proactively identify and mitigate risk and stay ahead of the evolving threat landscape.

Industries: Technology
Location: United States