99% reduction in mean time to response
With Elastic AI-driven capabilities, EDD can quickly identify threats and initiate measures to prevent harm.
850 billion records secured
EDD protects more than 850 billion records through the scalability and speed of Elastic Cloud.
3,000 servers connected
Elastic integrates into IT systems across EDD, bringing visibility that allows the security team to better spot patterns and vulnerabilities across the organization.
The Employment Development Department runs critical programs for Californians in need while protecting them from security and privacy issues with Elastic Security.
When Californians need support, they turn to California’s Employment Development Department (EDD). EDD manages vital benefit programs including unemployment, disability, and Paid Family Leave that support customers when they need it the most. This includes time to bond with a newborn, support to find a job, resources to focus on recovery after an illness or injury, and the guidance and support that can help manage a successful business in California. The Department is on a multi-year modernization effort to transform the customer and employee experience. This includes making sure customers are supported and well protected within EDD systems and applications.
As part of its benefit programs and services, EDD handles billions of points of data from the State’s high-availability systems. This makes cybersecurity essential. Douglas Leone, Chief Information Security Officer at the Department, and his 60-person team work tirelessly to protect information from cyber threats, ensuring EDD resources reach the people who need them most.
For the past several years, Elastic Security, running on Elastic Cloud and Amazon Web Services (AWS), has been the backbone of the organization’s Security Information and Event Management (SIEM) presence. Elastic Security has helped the EDD team quickly find the root cause of issues by consolidating data from multiple systems and servers into one place.
"Moving to Elastic Cloud on AWS speeds up performance for the security team, eliminating downtime and providing faster search and analysis of data. EDD currently has over 850 billion records in Elastic, and even as data volumes grow, performance remains strong."
Through a strong partnership with Elastic, including valuable support from Elastic professional services, Leone and his team are demonstrating the value that security brings to EDD and the people it serves across California.
"Our main goal is to support and assist people. If we don't take steps to prevent bad actors, they might disrupt the access that everyone relies on," says Leone. "We have to stay ahead to protect data and resources and provide services around the clock for Californians in need."

From black box to helpful tool
One of the biggest challenges for the Department is striking a balance between accessibility and security. Bad actors may attempt to access personal information or use data to falsely apply for benefits, necessitating multiple layers of checks and protections that the security team must identify and resolve as quickly as possible. At the same time, overly inflexible protections can potentially prevent people from getting the support they need when they need it.
Elastic Security helps solve this challenge by providing visibility across the IT environment. It integrates into almost 3,000 EDD servers across all programs and lines of business. By collecting and normalizing system and transactional data into one location, the security team can more easily find patterns and spot vulnerabilities anywhere in the environment.
“Often SIEMs can be seen as a black box, but Elastic provides more clarity by integrating into lines-of-business data,” says Leone. “Elastic allows us to ingest vast amounts of data in a unique way and apply data science to make intelligent decisions about security.”
Advanced dashboards make it easier to spot issues by clearly visualizing traffic, alerts, and patterns in one place. Teams across EDD find Elastic dashboards so useful that many have asked for their own customized views. The Department has standardized the use of Elastic agents on all its servers. EDD and Elastic systems work quickly together to find problems and notify the right people to fix them fast, all without jumping between systems.
"We often need to search back through at least six months of log data to identify patterns," says Leone. "Elastic simplifies log analysis even when we’re handling vast amounts of data."
"The dashboards, investigative tools, and workflows are helpful, and we don’t have to worry about system maintenance."

Saving taxpayers money and protecting citizen data by spotting critical threats with AI
Advanced features powered by artificial intelligence (AI) and machine learning (ML) provide incredible value to the Department by offering a second set of eyes within a noisy environment.
With 14,000 endpoints and 10,000 employees, the EDD security team combs through a tremendous amount of real-time information every day, handling over 80,000 alerts per month. AI-driven features in Elastic, like Attack Discovery, assist the security team in prioritizing cybersecurity alerts by detecting unknown threats and highlighting the most critical ones, which lowers the average time to detection. EDD is also starting to leverage Elastic Security Labs to identify emerging threats before they become a priority.
Armed with AI to cut through the noise, the security team can be much more effective by focusing their attention on genuine threats. Elastic has made alerts smarter and more helpful with data taken from across systems, making it much easier to identify the root cause. This allows the security team to act much faster, reducing mean time to response by 99%.
"I’ve researched incidents and alerts with a number of SIEMs, and Elastic is one of the fastest I’ve worked with," says Leone. This speed is critical for EDD as its many different lines of business support millions of Californians.
"Elastic elevated the value of a SIEM for us. Teams trust us for insights into cybersecurity detection and anomalous activity, helping us become a value add for lines of business."

Doing more with Elastic Consulting
Elastic Consulting supports EDD’s efforts to expand Elastic across the Department by developing dashboards and visualizations, ingesting logs from new systems, and training the ML and AI models. Elastic recommended best practices that helped EDD effectively use deep-freeze storage to maintain data efficiency, essential for a public organization dealing with strict data retention requirements.
Elastic Consultants also work closely with the EDD security team to onboard new staff and train them on Elastic. "It's a big help for us because stepping up our capabilities makes us more self-reliant in the future," says Leone. "We would not have had the success we have today without Elastic professional services."
Leone plans to continue expanding the Department's Elastic footprint by using application performance monitoring (APM) to bring the same clarity and visibility to applications.
"Elastic is more capable than the traditional SIEM, helping us bring more value to our organization. With Elastic at our side, we can focus on continuous improvement—both for our lines of business and Californians as a whole."
EDD programs and services are a lifeline for millions of Californians navigating some of the hardest moments of their lives. Whether it's time to bond with a newborn, support to find a job, resources to focus on recovery after an illness or injury, or the guidance and support that can help manage a successful business, Californians turn to the EDD. In times of uncertainty, EDD isn’t just for benefits. It offers services grounded in stability, dignity, and hope. That’s why the Department is deeply invested in a multi-year modernization effort. Protecting EDD customers’ personal information and securing their access to vital resources is a top priority. With Elastic Security, EDD is equipped with the tools it needs to detect threats, safeguard privacy, and respond swiftly, making sure that Californians can count on a secure, seamless experience when they need help the most.