CYBERSECURITY

A case study for Threat Hunting and Intelligence in Fortune 500 companies

Threat Hunting with Siren and the Crumpton Group

Executive Summary

Leading the way in the threat hunting & intelligence space

Crumpton Group is a strategic advisory company based in Washington, DC that serves Global Fortune 500 executives and other elite clients across industries and verticals. Their intelligence-driven consulting services enhance business leaders’ ability to make effective, high-stakes decisions on strategy, investments, and operations in complex foreign markets.

The company operates within a high-volume, highly valuable and sensitive data environment that requires the utmost levels of cybersecurity defense. The Crumpton Group required an innovative and cost-efficient solution for threat-hunting scenarios where the risk profile of the end customer is volatile and difficult to foresee. Since implementing the Siren Platform™, the company has seen benefits including:

  • Future-proofed solution at the right price point
  • Real-time insights across data sources
  • Increased spatial awareness for investigators

WHY SIREN

“[Siren is the] most feature rich solution at the right price point, with inherent future proofing in terms of how the platform scales” – Jeremy Turner, Cybersecurity Program Manager

The Crumpton Group uses the Siren Platform to analyze large pools of data on behalf of its clients, and that data needs to be actionable in real time. Siren’s ground-breaking innovation leverages existing, well-known open source technologies and adapts them to operate effectively in enterprise-grade cybersecurity environments at a competitive price point, which made Siren the company’s choice for its future threat-hunting activities.

LEVERAGING STATE-OF-THE-ART TECHNOLOGY AT A COMPETITIVE PRICE POINT

Innovation from the industry-leading vendors in the cybersecurity space has been lackluster, meaning that mainstream solutions have an inherent inability to meet the dynamic and ever-increasing demands of modern security operations centers (SOCs), both in terms of cost and in their ability to effectively handle, analyze and leverage vast amounts of data.

With terabytes’ worth of data having to be analyzed at regular intervals, current mainstream approaches hinder the investigative prowess of operators in one or more ways: they create a backlog of queries to execute when indexing at read time, they require considerable up-front effort to understand the underlying schema of the data when enrichment is forced to happen at ingestion time, and/or they depend heavily on hardware investments to scale effectively.

FROM SILOED DATASOURCES TO VALUABLE INSIGHTS QUICKLY AND EFFECTIVELY

With the Siren Platform’s patented back-end federation capabilities, Crumpton Group’s analysts can run queries and create joins in real time, thus bypassing the data-enrichment operational bottlenecks that occur when this task is performed either at ingestion time or at read time.

Moreover, the company can now bring all the data into a single pane of glass quickly and monitor logs and associated data across the entire monitoring infrastructure through a dynamic schema, the Siren Data Model, thus ensuring quick time to value.

PROVIDING CONTEXT IN A WORLD OF DATA CHAOS

Crumpton Group’s analysts are now able to search through data effectively and efficiently and, within a single ecosystem, use Siren’s advanced link analysis capabilities to create a knowledge graph of threats and associated records, thereby greatly increasing the spatial awareness of operators.

“Providing the analyst with context through graph browser [Siren’s link analysis component], is what creates intelligence & insight for Zero-Day scenarios” – Jeremy Turner, Cybersecurity Program Manager