Zero
SOC analysts hired despite rapid growth
100%
alert triage handled — zero backlog
<15m
MTTA for Critical severity alerts
24/7
AI + human coverage across cloud, K8s & AI

About Lusha

Lusha's platform gives revenue teams instant access to accurate B2B contact and company data. With 1.4M+ users, integrations across the sales tech stack, and strict GDPR and CCPA compliance requirements, the bar for data security and operational resilience is extremely high.

Growing Fast, in Every Direction

Lusha's security challenges were not born from a single gap — they were the compounded result of rapid, multi-vector growth. The engineering organization was scaling aggressively, shipping new features weekly and expanding infrastructure across AWS and Kubernetes. Meanwhile, the security team remained intentionally lean.Alert volume grew in step with the platform. Wiz surfaced cloud and container findings continuously. The previous tooling left critical visibility gaps: there was no way to detect Lusha-specific API abuse or data scraping patterns, and the team had no single view across cloud, identity, and SaaS. Each new data source added cost and complexity, making full-stack coverage economically unsustainable.What arrived in Jira was often just a ticket — no investigation context, no chain of reasoning, no access to the underlying events. The team was flying partially blind, manually triaging alerts that should have been investigated automatically. When something needed remediation, it required manual action every time.

"We were moving fast, and the security surface was expanding faster than we could cover it manually. Something had to give — and we weren't willing to let it be the quality of our investigations."

Einat Shimoni, CISO at Lusha

AI security was emerging as a new surface area too. Lusha was building out an AI agents framework — a category where standard detection playbooks simply do not yet exist. The team needed a partner that could grow into that space alongside them, not one locked into yesterday's threat model.

A Rigorous PoC Built on Real Success Criteria

Lusha did not evaluate Daylight on product demos and slide decks. Before committing, the security team defined a formal PoC success framework — nine concrete criteria spanning integrations, visibility, automation, ticketing quality, and response speed. Each criterion mapped directly to a pain point the team had lived with under previous approaches.

Category Criterion Pain Point Success Measure
Integrations Lusha Deep Visibility No visibility on Lusha-specific data scraping or API abuse. Ingest & alert on Lusha API logs — unusual export volume, scraping patterns.
Integrations Full Stack Coverage Couldn't cover the entire tech stack (Cloud, Identity, SaaS). 100% of defined stack (AWS / Okta / Lusha / Jira) integrated within 48 hours.
Cost Scalable Pricing Every new source costs more money. Per-headcount or entity pricing — not per-source or per-GB.
Visibility Chain of Thought Only received a Jira ticket — no context on how the investigation was done. Visible AI step-by-step reasoning (e.g., 'Checked Lusha log → Cross-referenced IP with Okta').
Visibility Raw Event Access "Black box" system with no view of the underlying events. Ability to drill down from any Daylight alert into the raw telemetry that triggered it.
Automation Agentic Autonomy No real automation — everything was a manual task. AI Agent performs ≥3 investigation steps (IP lookup, user activity, threat intel) before human review.
Automation Active Response Had to manually remediate every ticket. Pre-approved action executed autonomously (e.g., disable compromised Lusha token or Okta session).
Ticketing Jira Consolidation Flooded with low-quality Jira tickets. >90% of noise / false positives auto-resolved. Only verified threats hit Jira.
Speed Custom Integration Previous vendors were slow to add new tools. New connector delivered within 3–5 business days.

Speed was made explicit and quantitative. Daylight committed to specific MTTA (Mean Time to Acknowledge) targets per severity level — targets that Lusha could measure and hold them to from day one of the PoC:

Severity SLA Target (MTTA)
Critical Mean Time to Acknowledge (MTTA): < 15 minutes
High Mean Time to Acknowledge (MTTA): < 30 minutes
Medium Mean Time to Acknowledge (MTTA): < 60 minutes

The criteria exposed exactly where previous solutions had fallen short: black-box investigations, per-source pricing that punished growth, and a Jira queue flooded with unvalidated noise. By mapping each requirement to a measurable outcome before the PoC began, the evaluation process had no room for ambiguity.

"I needed to know there was a real analyst behind the findings — someone who understood our stack, not just a dashboard with confidence scores. We set up the PoC criteria to make sure we were measuring the things that actually mattered."

Einat Shimoni, CISO at Lusha

During the PoC, Daylight onboarded the full Lusha stack — AWS, Okta, Jira, and Lusha's own API telemetry — within 48 hours. The AI investigation engine surfaced step-by-step reasoning for every alert. Raw event access was available on demand. Automated user questioning over Slack resolved tickets without analyst involvement. And when a custom integration gap appeared, a new connector was delivered within days, not quarters.

From Alert Overload to Operational Clarity

With Daylight in place, the dynamic changed immediately. Alert triage no longer sat on the desk of the internal team. Every finding from Wiz — cloud misconfiguration, runtime threat, or toxic combination — received a documented determination within the committed SLA window. The backlog that had been creeping upward flattened to zero.

Jira quality transformed overnight. Instead of a flood of low-confidence tickets demanding triage, only verified threats reached the queue — noise was auto-resolved before it ever became an interruption. The signal-to-noise ratio went from a liability to an asset.

Lusha-specific API abuse detection — a gap that had never been addressed — became operational. Daylight ingested Lusha's own API logs and built detection logic for unusual export volumes and scraping behavior. For a company whose core product is contact data, this coverage was not optional.

"We're not just buying alert triage. We're getting a team that actually understands our environment and thinks about our risk the way we do. That's the difference between a vendor and a partner."

Einat Shimoni, CISO at Lusha

On the headcount side, the math became straightforward. Expanding 24/7 SOC coverage without Daylight would have required multiple senior hires — each expensive and slow to ramp. Daylight removed that equation entirely. The internal team could stay focused on posture, architecture, and the strategic work that moves the needle.

AI security coverage proved immediately valuable. As Lusha's AI agent framework expanded, Daylight provided detection and investigation purpose-built for that threat surface — covering prompt injection risks, data exfiltration via AI pipelines, and anomalous model behavior. No other MDR provider in the evaluation had this capability at production quality.

Security That Scales with the Business

For Lusha, security is not a brake on growth — it is infrastructure for it. Customers, enterprise buyers, and compliance frameworks all require confidence that data is handled responsibly and that threats are investigated, not just logged.

Daylight provides that confidence. It delivers continuous coverage, investigation depth across every layer of the stack, and the flexibility to evolve as Lusha's environment changes. For a company growing at Lusha's pace, that adaptability is not a nice-to-have — it is the point.

"Security can't be the thing that slows us down. With Daylight, it isn't. We have full coverage, zero backlog, and I know that when something real happens, there are experienced people on it immediately."

Einat Shimoni, CISO at Lusha

Dark space-themed interface with globe edge and labels showing 'Investigating...' and 'Live Threats: 12'.form submission image

Ready for Real MDR?

Stop settling for escalation factories. Get AI-native detection and response with senior experts and full accountability.

Book a Demo

Ready for real MDR?

Stop settling for escalation factories. Get AI-native detection and response with senior experts and full accountability.

Book a Demo