How ECI Uses Elastic to Protect 130 Financial Services Clients Against Cyber Threats
ECI (formerly Eze Castle Integration), a managed security services provider for financial firms with over $3 trillion in assets under management, built its SIEM platform on Elastic to ingest and analyze security events across its client base. The platform ingests over 2 billion events per day, enables new client deployments in two weeks or less, and helped ECI onboard 130 clients in 18 months.
Impact
130 in 18 months: Clients onboarded on SIEM platform
2B+: Daily security events ingested
≤2 weeks: Time to deploy new client
Challenge
ECI’s security teams managed separate log systems for each client in different formats, creating data silos that made threat detection slow and log retention for financial regulatory compliance difficult to guarantee—and the fragmented approach couldn’t scale with a growing client base.
Solution
ECI built its managed SIEM service on Elastic Cloud Enterprise, using Elasticsearch for log ingestion and search, Kibana for unified threat visibility and incident investigation, and Elastic Security for threat intelligence—enabling cross-cluster search across all client environments from a single security operations center.
What Leaders Say
“The biggest thing keeping me up at night was event logging and security on our own systems. If we could resolve that, then we could offer it as a product to help clients protect their systems and make the compliance process more efficient.”
“Let’s say there is a major security breach that impacts a number of organizations, and it’s reported in the press. With Elastic we can quickly search all the relevant data of our SIEM clients and reassure them that they are not affected or keep them protected if they are under attack.”
“Working with Elastic in one word? Rewarding. The technology works well, the support is great, and it’s exciting to be working with software that’s at the cutting edge of cybersecurity.”
Full Story
ECI serves financial services organizations across the globe as a managed services provider, handling IT infrastructure, cybersecurity, and business transformation for clients who collectively oversee more than $3 trillion in assets under management. For these clients—hedge funds, asset managers, and financial firms—security isn’t a compliance checkbox; it’s a business-critical requirement where a breach or audit failure has direct financial and reputational consequences.
Before building its unified SIEM offering, ECI’s internal security operations were fragmented across teams. Each department managed its own event logs in different formats for different clients, creating data silos that made threat detection slow and log retention for regulatory compliance difficult to guarantee. Kamyar Kojouri, Director of Security Operations, identified the core problem: event logging was becoming unmanageable as the client base grew, and the patchwork approach couldn’t scale.
ECI’s engineering team evaluated Elasticsearch and assembled a proof of concept in just a few days—a complete cluster with agent deployment, log ingestion, and dashboards. An Elastic engineer worked on-site with the team for a week to configure the production system. Elastic Cloud Enterprise became the deployment backbone, enabling ECI to add new clients quickly with consistent configuration. Kibana provides a “single pane of glass” for security alerts, incident investigation, and threat hunting. Elastic Security transforms event feeds into actionable threat intelligence, and cross-cluster search lets ECI’s Security Operations Center run threat hunting queries across all client clusters from a single node—a critical capability for responding to widely reported security incidents across many clients simultaneously.
The results validated the architecture. ECI onboarded 130 clients in 18 months. The platform now ingests more than 2 billion events per day across client environments spanning ECI Cloud, Microsoft Azure, and on-premises systems. New clients are operational in two weeks or less. When major hacking incidents make the news, ECI can immediately search all client SIEM data to confirm whether any client is affected and respond proactively.
Looking ahead, ECI is evaluating real-time threat response automation using machine learning, XDR (eXtended Detection and Response) capabilities for unified endpoint and SIEM security, and a single data ingestion pipeline to further consolidate client environments. The Elastic platform’s scalability has made cybersecurity one of ECI’s fastest-growing service lines.