Overview
Q2, a digital banking platform provider serving community and regional financial institutions, found that it needed more scalable and adaptable tools to match its evolving cloud architecture and a rapidly changing threat landscape. Operating with Amazon Web Services (AWS), Q2 chose AWS Partner SentinelOne to modernize and expand its security operations without increasing overhead. After deploying a new security posture that included SentinelOne’s AI-powered platform, the financial technology company saw a 97 percent reduction in malicious sessions with fewer than 2,000 attempts per minute. With improved performance, deeper visibility, and automated protection, Q2 has strengthened its security posture while continuing to deliver trusted digital banking experiences at scale.
Opportunity
Juggling Growth, Trust, and Threats in a High-Stakes Digital Environment
Based in Austin, Texas, Q2 is a mission-driven provider of digital transformation services for financial services, powering online experiences for more than 26 million users and 1,400 banks and credit unions. In addition to serving national banks, Q2 remains committed to its founding goal of supporting communities by helping local banks and credit unions compete with larger institutions through secure, innovative digital services.
These institutions depend on Q2 for performance and reliability, and any disruption, whether from downtime or a security event, could damage reputations and impact local economies. Facilitating more than $3.5 trillion in annual transactions—which is over 10 percent of US GDP—along with managing 41 petabytes of customer data, Q2 must consistently meet exceptional standards for availability, resiliency, and security.
Q2 relied on a legacy endpoint detection and response (EDR) solution that used application whitelisting, which became increasingly difficult to manage across 12,000 servers and hundreds of bespoke customer environments. “We tried re-implementing an EDR solution with another vendor and got everything cleaned up, but within four months we were right back where we started,” said Lou Senko, chief customer experience officer at Q2. “It became a challenge to maintain that solution while also sustaining a strong security posture.” This prompted Q2 to seek a more scalable and intelligent solution that could evolve with emerging threats, reduce operational burden, and support the company’s broader innovation goals, which included automated workflows to assist Q2’s newly formed security operations center (SOC).
Solution
Building a Future-Ready Security Architecture with AI
As Q2 transitioned from co-located data centers to a distributed cloud architecture, it conducted an EDR proof of concept with three different vendors. The company ultimately chose SentinelOne for its artificial intelligence (AI)–powered cybersecurity solutions, ability to scale across diverse workloads, responsive engineering support, and alignment with Q2’s innovation and security roadmap. Because it’s built entirely on AWS, SentinelOne’s suite of solutions integrates deeply with Q2’s Amazon Elastic Compute Cloud (Amazon EC2) instances. It would also further protect the SQL databases that Q2 hosts in Amazon Relational Database Service (Amazon RDS).
To build out its new security approach, Q2 deployed SentinelOne’s Singularity Platform, which provides autonomous, AI-driven threat detection, response, and remediation across endpoints, cloud workloads, and identities to deliver unified cybersecurity protection. This agent-based solution replaced Q2’s previous EDR solution, delivering real-time threat detection and response across Q2’s 13,000 endpoints.
“We deployed agents across everything we could touch, and SentinelOne was a great partner in making that happen,” Senko said. To strengthen incident response, Q2 added Vigilance MDR, which extends the capabilities of the SentinelOne Singularity Platform with 24/7 expert monitoring, threat validation, and response support. This would help Q2’s security teams ensure that unfamiliar threats were triaged and addressed immediately, with the option to escalate issues to SentinelOne’s experts if needed.
Q2 then implemented Purple AI, SentinelOne’s agentic AI security analyst that utilizes generative AI, natural-language queries, intelligent threat guidance, and automated investigation workflows to enhance usability and insight generation. Purple AI is powered by Amazon Bedrock, a fully managed service that allows developers to build and scale generative AI applications using foundation models from leading AI providers through a simple API, without managing infrastructure. Q2 leverages Purple AI to help its SOC analysts surface insights and accelerate critical response and remediation actions, such as isolating. ”Purple AI will give our team an intuitive way to get the answers they need,” Senko said. “It’s built into the platform, making it easier for our analysts to ask questions and uncover findings they might not have thought to look for, without needing to be experts in the underlying data.”
As Q2’s security maturity evolved, the company adopted SentinelOne’s Watchtower Pro, a threat hunting service that augments its internal team with proactive intelligence and analysis—a critical ingredient for protecting banks’ digital interactions. Recognizing the need to unify operational and security data, Q2 migrated its entire data lake into SentinelOne’s Singularity AI SIEM. As a cloud-native, AI-driven security information and event management (SIEM) platform, it ingests and correlates data from Q2’s security stack, consolidating alerting, service level agreement tracking, and operational telemetry into a single platform. This includes logs used for fraud investigations and subpoena responses, which previously required time-consuming backup restores. Now, that data is readily accessible and queryable. Together, these solutions formed a tightly integrated, AI-driven security architecture.
Outcome
Stronger Security Thwarts Bad Actors, Reducing Attack Volume by 97%
With a new security stack in place, Q2 has significantly strengthened its security posture while improving operational efficiency across its hybrid cloud environment. The company now protects 7,000 endpoints and 400,000 containers with real-time threat detection, automated response, and AI-driven insights. This allowed the company to enhance team productivity as it scaled up without increasing headcount. Most notably, the company has gone from seeing 70,000 malicious sessions per minute to fewer than 2,000, a 97 percent reduction in attack volume. Credential stuffing attacks have also become less effective. Before using SentinelOne as part of its security stack, attackers would spend about 150 hours attempting to breach Q2’s systems. Now, attackers abandon Q2 as a target much faster—in just 130 minutes, a 1,000 percent reduction from before—due to the strength of the company’s layered defenses.
Denial-of-service (DDoS) attacks have also declined sharply. Two years ago, Q2 experienced 30,000 DDoS events per month, translating to about 37 per hour. Today, that number is down by 95 percent, which has freed up resources and lessened operational noise. “We’re seeing faster queries, better performance, and can store data for longer,” Senko said. “And, we are managing workloads that are thousands of times bigger than they were five years ago.” By consolidating tools, automating response, and enabling deeper visibility, Q2 has improved its security outcomes and positioned itself to scale securely as it continues to innovate in digital banking. This helps the company continue to build trust with customers and improves the productivity and satisfaction of its internal security teams. “Over the years, SentinelOnehas shown that it’s always thinking, ‘What is next? Where should we be going?’ And when my vendor is thinking about the next emerging threat and how to defend against it, I don’t have to,” Senko said.
