The company
Since 1982, Fort Collins, Colorado-based Pawnee Leasing Corporation has provided small-ticket equipment leasing and financing for a wide range of credit profiles across 50 states, including startups, small or mid-size businesses (SMBs), and long-established operations.
Lee Lahti, Vice President of Information Technology, has supported the company’s IT infrastructure needs for over 20 years—first as an IT consultant, and now, as a member of the leadership team. “We’re clearly different from traditional equipment financers,” says Lee.
“We’re a distributed, national firm and work through an established network of brokers to provide alternative financing solutions for businesses that may not qualify with traditional lenders. Whether you need computers for your business, want to lease a truck, or more, we can provide the financing to make that happen.”
The challenge
Lee and his team of three system and network administrators support 100 employees at the Fort Collins headquarters, as well as 30 remote users.
For Lee, keeping data private and secure in the financial services sector is an ongoing challenge. “As a leasing company, we operate as an unregulated bank, but we still have personally identifiable information and other confidential data to protect,” he says.
Yet, the company’s cybersecurity efforts had been largely reactive and the technology stack had been pieced together over the years—now, a mix of legacy security tools and services.
With Pawnee Leasing’s distributed workforce and its role as a lender, Lee needed a more proactive approach to security.
“We didn’t have a good sense of what was going on in our network or an effective way to stay ahead of threats,” he explains.
“For example, we have coverage for our network for ten hours a day throughout the work week, but what if an incident occurs on a Sunday at 3 a.m.? We needed a real-time view of our network activity and the technology to automate the manual work of identifying and understanding how to respond to critical issues.”
After working with his security consultant on penetration testing to identify security gaps, Lee began a vendor evaluation for managed detection and response solutions.
The solution
Through his evaluation of MDR solutions in the market, Lee narrowed his search to three companies: Field Effect; Darktrace; and Arctic Wolf.
He chose the MDR platform from Field Effect, a global cybersecurity company that specializes in simplifying cybersecurity for SMBs.
“I was looking for a feature-rich solution that was also cost-effective,” Lee explains. “Compared to the other two solutions, Field Effect MDR had nearly all of the capabilities I needed for 35% of the price.”
His decision was quickly validated. Once deployed, Lee was surprised to see the amount of vulnerable software that Field Effect MDR identified. In fact, these specific vulnerabilities didn’t show up in the penetration test that was completed by Lee’s security consultant prior to his vendor evaluation.
“Field Effect MDR found 25 pieces of vulnerable software in our laptops and servers. That was an eye-opener,” he adds.
The data and analysis helped him identify improvements needed in his patch management process. Says Lee, “We work with a third-party provider to manage patching. The insight from Field Effect MDR helped us discuss process, close gaps, and prevent delays in receiving the patches.”
Using Field Effect MDR’s network and endpoint monitoring capabilities, Lee quickly discovered the innovation in the single platform design. Field Effect MDR is built as an all-in-one holistic solution that provides monitoring and detection across the entire threat surface, helping businesses efficiently identify and take action against emerging cyber threats in real time.
Lee also appreciates Field Effect MDR’s threat alerting and reporting. In contrast to other MDR solutions, Field Effect MDR’s threat analysis is accessible through one user-friendly portal and aggregates the threat data it collects as clear, actionable guidance called AROs —Actions, Recommendations, and Observations.
This proprietary, patent-pending approach shows the threat alerts that matter with the context needed to resolve them. AROs are designed to help IT and InfoSec teams easily understand, prioritize, and remediate threats—reducing alert fatigue and ensuring critical alerts are not missed.
“The AROs are wonderful,” shares Lee. “Out of 700 security events, I may see three action-related AROs. But I also receive detailed information about other lower-priority alerts, as well as recommendations or observations.”
The results
For Lee, the combination of Field Effect MDR and Field Effect’s expert counsel have resulted in immediate improvements and new efficiencies for his IT department and Pawnee Leasing’s security posture.
In the past eight months, Lee estimates he has improved the company’s network security by 35-50%. This improvement is largely attributable to Field Effect MDR’s high-resolution network sensors and AROs alerting.
Field Effect MDR is monitoring every aspect of Pawnee Leasing’s network traffic and all the devices within the company’s network. Says Lee, “We’ve strengthened our network protection and continue to look for opportunities to maximize Field Effect MDR’s capabilities across our infrastructure. We even have Field Effect MDR collecting, monitoring, and alerting for the syslog data across our servers, firewall, routers, and switches.”
Lee has plans to migrate to Office 365 and will add Field Effect MDR cloud monitoring to the platform to detect threats across Microsoft’s cloud-based applications.
“The great aspect about Field Effect MDR is it provides a complete approach to threat monitoring, detection, and response that aligns with our layered security strategy. We have better visibility to any vulnerabilities and risks across our IT environment and users, with the tools and expert support to respond.”
Lee says he has effectively augmented the company’s total security defence, estimating he has improved internal efficiencies by 25%. “I have a great internal team, but we don’t have the specific skills or even the resources for a dedicated security person to manage critical areas like threat intelligence and incident response. We’re very happy we chose Field Effect MDR.”
