CASE STUDY

GDS Reveals Time-Saving Power with Swimlane AI and Automation

GDS showcases how AI-enhanced automation improves operational effectiveness by significantly speeding up case completions. Swimlane Turbine makes reporting to executives and clients easier, streamlining security operations (SecOps) and saving time compared to their previous platform.


Background

Global Data Systems (GDS) is an innovative MSP/MSSP that started by building mainframe computers for drafting companies and now provides a wide range of IT solutions, including offshore satellite voice, data, and cybersecurity services. They specialize in supporting industries such as oil and gas, healthcare, and government, including some of the largest medical providers in the U.S. Their focus is on simplifying IT to help clients streamline operations and boost their bottom line. 

Tracy Webb, Director of Information and Cybersecurity Operations at Global Data Systems, brings 30 years of experience in security, including a background in military and naval special warfare. As an early adopter of Swimlane Hero AI, a collection of AI innovations available in Turbine, Webb has already seen significant improvements in efficiency and effectiveness within his SOC team. In this case study, he shares the quick wins achieved through AI and automation.

SOC CHALLENGES

Maximum Efficiency for Small Teams

GDS’s security operations center (SOC) team has only seven members to manage tasks such as internal corporate security, risk management, and policy enforcement. Providing comprehensive support for these functions would be impossible without some level of automation. The complexity of threat hunting, mitigation, and delivering real-time feedback to the companies they protect demands efficiency, and manual processes don’t cut it. Webb comments: “We would not be able to functionally provide that level of support both to our corporate users or our clients without some level of automation.” AI has further enhanced their operations, offering additional efficiencies. Webb adds: “There’s no way we could do it without automation, machine learning and AI.”

The Limitations of Legacy SOAR

After only a few years, GDS’s traditional security orchestration, automation and response (SOAR) platform hit a wall. Communication with the vendor kept worsening, leaving them stuck waiting for updates and new features that never arrived quickly. This put GDS at risk, unable to stay nimble or ahead of the constant wave of threats coming their way. Webb comments: “We could not get the development or feature additions that we needed as quickly as we needed to stay agile and to keep up with the threats that were being faced.”

An AI-Enhanced Security Automation Solution

Collaborative & Fast Implementation

A smooth transition to Swimlane was essential for GDS’s SOC, which needed to migrate from its old SOAR platform while still operating and supporting clients. Faced with an aggressive timeline and ongoing commitments, GDS was able to rely on Swimlane’s dedicated support and Technical Account Managers (TAM) to transfer playbooks and workflows without disrupting business operations. As Webb noted, “The timeline was aggressive. But between our team and the support we received from Swimlane, we got there at a pace that I was happy with.” He adds, “I would probably challenge any other SOC team to be able to perform at this level without a partner like Swimlane.”

Smart, Effective and Agile Customer Support 

GDS chose Swimlane for its dedication to security automation and commitment to being a true partner. GDS needed a vendor that was not only responsive but also deeply integrated with their engineers. This level of collaboration was essential for optimizing their security operations. As Webb noted, “The reason that we like Swimlane so much was because they seemed very hands-on with us as a development partner.” He adds: “What we needed was smart, effective, agile support and Swimlane seemed to provide that for us.”

GDS Adds 20 Virtual Staff with Swimlane AI

Hear from Tracy Webb, Director of Information and Cyber Security Operations at Global Data Systems, on why he transitioned from a legacy SOAR platform to Swimlane Turbine. In a short time, the AI-enhanced security automation platform has helped GDS close over 5,000 cases and added the equivalent of 20 virtual SOC analysts to their 7-member SOC team.

TOP SECURITY AUTOMATION USE CASES

Early Adopter of Swimlane Hero AI

By incorporating AI into their automation capabilities, GDS immediately saw a boost in performance efficiency. Analysts now interact with the platform through Hero AI, a collection of AI-enhanced features that intuitively understand and address their queries, streamlining analytical tasks. Webb highlighted the impact, stating, “It’s much easier to have an idea of what you need and simply provide that to a large language model or AI, and say, ‘This is the outcome I’m trying to get, so provide me the data in a way that I can read, understand, and make decisions.’” AI provides relevant data quickly in an easily digestible format, significantly speeding up the analysts’ decision-making process. The time-saving benefit is invaluable, and as the team continues to refine their AI use, they anticipate even greater productivity gains.

The enthusiasm around what AI can bring is evident, as team members constantly engage in learning and training to expand their capabilities. Hero AI makes analysts more effective, as the once-tedious task of data retrieval becomes nearly effortless. As Webb put it, “We’re all excited about it. We’re learning something new every day. They are excited because it makes them more powerful analysts and engineers.”

Tips to Implement AI Effectively

Webb recommends that organizations begin their AI journey by first asking what they want to use AI for. He suggests taking a mature approach by assessing the operational and security environments to identify deficits between desired resolutions and their impact on staff. “AI can meet almost any goal if you have an end goal to meet,” he adds, encouraging organizations to challenge themselves to determine their specific needs for AI. By clarifying their objectives, companies can effectively harness AI’s potential without simply throwing it at every challenge in hopes it will save the day.

Threat Hunting

The GDS SOC team faced an overwhelming volume of data and telemetry log sources entering their SIEM, making deduplication and data parsing challenging. Creating actionable playbooks was difficult without effective automation. Swimlane Turbine solved this issue by efficiently parsing and deduplicating the information, allowing the team to build better playbooks quickly through Turbine Canvas, a low-code playbook-building studio. Instead of spending hours gathering incident details, the analysts can now focus on threat hunting and mitigation. This improvement has significantly increased the team’s capacity to manage more cases and respond faster to threats. As Webb noted, “What once took three hours for a single analyst to reach the point of performing a threat hunt and mitigation is now reduced to just 30 minutes, allowing my engineers and analysts to handle even more cases.”

RESULTS WITH SWIMLANE TURBINE

“The only way to measure your SOC’s operational effectiveness is with a platform like Swimlane. It allows you to predictively design playbooks and measure human costs through the lens of time savings. Swimlane is the only platform that I’ve used today that does that effectively.” Some tangible results that GDS has realized from using Swimlane Turbine include the following.

The Addition of 20 Virtual Analysts

Automating tedious manual tasks has dramatically increased team efficiency and support capabilities. Webb remarks: “What I do today with 7 engineers and analysts would probably take an additional 20 staff members without Swimlane.”

A Record Number of Cases Analyzed

Webb highlights, “The metrics that matter most to me are how many cases my analysts and engineers can perform to a level of completion daily.” Since transitioning to Turbine, the team has completed an impressive 5,000 cases in a remarkably short period, a milestone they didn’t achieve in two years with their previous SOAR platform.

Over 2 Hours Saved per Threat Detection & Response

Swimlane’s powerful automation platform processes millions of fields every week, dramatically streamlining workflows across all wings and ensuring data consistency and unified operations throughout the force. “We free up cycles for them to go do other things,” comments Grigg.

Unparalleled Visibility Through a Unified System of Record

Webb emphasized how Turbine enables better collaboration and a unified view by consolidating information, stating, “I like the ability of the platform to put nearly everything on a single pane of glass for my team.” Turbine’s modular case management makes after-action incident reviews more efficient. He added, “The best impact on executives and our clients as well is being able to tell the story through Swimlane very seamlessly versus some of the other platforms.”

EXCELLENCE THROUGH A WELL-TRAINED TEAM

Webb, drawing from his military and naval special warfare background, emphasized the power of small, highly trained teams in driving success—an approach he successfully applied at GDS with Swimlane Turbine. “I don’t want 20 people specialized in just one thing—I want a small, dedicated team that can be good at almost anything with the right leadership and tools,” Webb explained. By leveraging AI and automation, GDS achieved operational efficiency without expanding headcount, proving that, as Webb reflected, “More people doesn’t always solve the problem. More dedicated people do.” This mindset has been key to GDS’s streamlined operations and increased case completions.

Straight from the Source

I would recommend Turbine to my peers, because in the role of an operational manager, you simply cannot manage the level of caseload and threats that are thrown at SOC teams without it. I would argue that it’s impossible for any SOC team to not have Swimlane in their environment and be functional for very long.


Tracy Webb
Director of Information and Cyber Security Operations
Global Data Systems
