Magazine Button
Levi Strauss & Co. utilises Exabeam platform to bolster security operations

Levi Strauss & Co. utilises Exabeam platform to bolster security operations

Case StudiesEnterprise SecurityRetailTop Stories

Data security is paramount to operations during the rapidly transforming cybersecurity landscape. Colin Anderson, Chief Information Security Officer at Levi Strauss & Co., explains why it selected Exabeam to protect its corporate brand as well as consumer trust.

Founded in 1853, Levi Strauss opened a wholesale dry goods business in San Francisco that became known as Levi Strauss & Co. (LS&Co.). Today, LS&Co. is one of the world’s largest and most recognisable brand-name apparel companies and a global leader in jeanswear. The company designs and markets jeans, casual wear and related accessories for men, women and children under the Levi’s, Dockers, Signature by Levi Strauss & Co. and Denizen brands.


As one of the world’s most recognised apparel companies, Levi Strauss & Co. operates a globally dispersed team. With the threat landscape changing, traditional systems based on an EPS model were falling short. LS&Co was looking for a security partner that could scope a solution to meet its needs. The company sought a team that was fast-moving and whose skills could be augmented by a SIEM that incorporates automation into its tools.

“Looking at the landscape of SIEM products out there, we were searching for underlying technology and architecture that lends itself to meeting the needs of a more agile security team,” said Colin Anderson, Chief Information Security Officer at Levi’s.

“One of the big challenges a lot of us are facing is that we want to try to automate and orchestrate more,” said Anderson. “We’re trying to leverage technology to help manage the growing amount of data and the growing number of attacks that we’re dealing with. Exabeam is one piece of that puzzle.

“Exabeam is a great detection and response tool, but it’s not necessarily a prevention tool. So, Exabeam came out with this orchestration case management solution that allows you to take action with what you’re finding. This is an area I’m hoping to grow in in the next year or two,” said Anderson.

Vendor selection and proof of concept

Knowing that automation would be a key factor in driving business forward, LS&Co. had to evaluate whether a new SIEM configuration would better serve its unique business needs. Cost also played a role in the decision-making process. LS&Co. asked questions around cost efficiency, operational experience under pressure and the ability to adapt in changing conditions.

“Since we wanted better visibility in our environment, we needed to bring in more data. Legacy licensing models and others that focus on event per second are not scalable in today’s data-driven security teams,” said Anderson.

Use cases

Having already used Exabeam products, the LS&Co. team decided to migrate to using a full Exabeam Security Management Platform.

“When looking at new platforms to support our detection and response cybersecurity teams and functions, we knew we wanted new architectures and leading-edge technologies. These elements best position us for the future,” said Anderson.

By using Advanced Analytics paired with Smart Timelines, the LS&Co. team can see exactly what is going on, from a timing perspective, in terms of incidents. Through this process, investigations become quicker and efficient, thus increasing resolvability. Embracing automation with Exabeam ultimately strengthened the LS&Co. team’s speed of manoeuvre – how fast you move from finding a vulnerability to mitigating the threat.

Partnering with Exabeam for a tailored solution

A major factor in deciding on a new SIEM, and ultimately sticking with Exabeam, was the need to find a partner that understood the exact and unique needs of the LS&Co. team.

“Our Exabeam partnership helped to make our team more efficient and has been a core building block within our cybersecurity programme,” said Anderson.

Often, when tools change, processes have to follow suit. But for LS&Co., an Exabeam partnership allowed for the development of a product that truly aligns with the way LS&Co. wants to work.

“One of the key reasons we chose Exabeam was the company’s willingness to adapt, rethink things and go the extra mile. There’s a lot of value there that I can’t put a dollar next to,” said Ryan Clarque, Senior Global Cybersecurity Manager, Levi Strauss & Co.

Intelligent CISO caught up with Colin Anderson, Chief Information Security Officer at Levi’s, to discover more about the Exabeam solution and why the company decided to work with this particular vendor.

What does your role as Chief Information Security Officer look like day to day?

I’m responsible for information security for Levi Strauss, globally. My role includes managing the risks to information on-prem, against our employees, in the cloud. These days, it’s a challenging task for sure as attacks are at an all-time high as well as dealing with the pandemic issues that are challenging industries globally. So, the role is changing as one might expect and it’s one that I’ve enjoyed for many years now.

How important is visibility to your security strategy?

The Levi’s brand is 160 years old so brand protection, brand reputation and consumer trust are paramount. As a result, information security is very important to the organisation so we’ve made some significant investments such as this one with Exabeam, to really help us protect that corporate brand and protect our consumers’ trust.

Why did you select Exabeam as the vendor?

I have experience with many other tools and many of Exabeam’s competitors and the challenge I kept running into was that, in regard to a lot of other competitors, you find what you’re looking for and with information security, it’s usually what you’re not looking for or what you don’t know about that burns you. So, what I loved about Exabeam was that it looks for the anomalies in your environment, the outliers. It helps you to understand what ‘normal’ looks like, but it also helps you identify abnormal events – what those things are in the environment that require further investigation. So, Exabeam was one of the first tools many years ago that was very analytics-based – it compiled a lot of data, it looked to establish baselines, and it helped you to alert on outliers.

What benefits have you seen since the implementation a couple of years ago?

First and foremost; visibility. These days, environments are so large and you’re having to deal with so much data to monitor and alert on, as well as dealing with billions of events. To really be able to harness and understand what’s happening in your environment, you need technology and Exabeam gave me that technology and visibility to help make sense of all the events that were happening in my environment. It helped me zero-in on what’s most important to me in my organisation.

How far has the solution future-proofed operations and how important is this for the company?

What I’ve seen over the years is that security is becoming a data challenge. We’re bringing in more and more data and it’s becoming more and more challenging to analyse that data. There are skills shortages and dynamic attacks, so what Exabeam has helped us do is to grow with the changing dynamics, changing attacks, changing data volumes and changing types. So, in that sense, it’s grown with my security organisation and has scaled up over time – when I first installed Exabeam, we were capturing around 5,000 events per second and now I’m close to 30,000 events per second.

Where do you think companies will invest in security in the next five years?

Everything is moving to the cloud, including Exabeam so what we’re going to see is more and more enterprises have a very heterogeneous environment where you’ve got some on-prem systems and some in the cloud, you’re looking at data in multiple locations and are supporting users working from anywhere. To do that, you need really good analytics and a really good handle on what’s happening in your environment and that’s where Exabeam comes into play.

As enterprises evolve and they’re dealing with more data and moving to the cloud, the attack surface becomes more complicated. This is because you’re protecting corporate assets in multiple locations and protecting corporate assets that are being used by individuals in many more locations. Typically, complexity is the enemy of security, in most cases. You want simple, you want a very basic footprint which makes it much easier to protect your enterprise and right now, we’re dealing with a lot more complexity. Exabeam has shown that it is able to grow with us, handle that complexity and handle that data growth. 

Click below to share this article

Browse our latest issue

Magazine Cover

View Magazine Archive