MSSP Combines the Power of Swimlane & AWS to Maximize Efficiency & Visibility

Find out more about how Swimlane and AWS help a major MSSP.

Request a Demo
AWS Swimlane case study mssp success

Case Study


Clients entrust Managed Security Services Providers (MSSPs) with a range of security responsibilities to meet regulatory requirements, ensure security readiness, monitor security tools, provide consulting and handle incident response. This is a significant challenge for the CyberOps teams tasked to protect the customers. Such services demand that analysts carry out repetitive tasks – usually manually – that consume most of their time and resources.

A leading cybersecurity and compliance firm in the MSSP space identified the need for a solution that could optimize these cybersecurity operations processes.

Their requirement: a security automation tool capable of leveraging their investment in AWS Cloud. Next came the task of selecting an automation solution that offered the flexibility needed to meet their customers’ unique requirements and the power to support their current staff quickly.

Key Challenges

Finding a way to Reliably Integrate, Scale and Adapt to a Diverse Security Tech Stack

This MSSP serves clients in a variety of industries including education, government, healthcare, manufacturing, defense contractors and more – many with regulatory and compliance requirements. To maintain strict compliance and meet unique business needs, companies in these verticals have begun to demand a higher standard from their providers. For MSSPs, this means more time managing unique, constantly-changing environments for a range of clients. By utilizing the AWS end-to-end approach to secure and reliable infrastructure, the MSSP’s clients are kept safe and secure.

The CTO of the MSSP explains, “The process of manually and securely integrating and developing connections with other platforms is time-consuming, demanding and has a high overhead, which can be overwhelming. Swimlane solves this problem for our team, and the reliability of it sitting on AWS infrastructure gives us added confidence in them as a strategic provider.”

The Cybersecurity Labor Shortage

Across the United States, security leaders are hit hard by the widespread talent and skills shortage. The problem is actually twofold – there aren’t enough qualified security professionals to fill open positions, and less experienced analysts can’t get trained fast enough. With over 600,000 unfilled cybersecurity jobs in the United States, it’s no surprise that organizations turn to MSSPs for qualified security professionals. But no company is immune to the pains of the cybersecurity skills shortage, not even MSSPs.

“Good people are hard to find, and when you do they are expensive,” the CTO explains, “one wants to provide an inferior service. We want the right talent, the right experts, but at what cost?”.

The quality of security expertise is directly proportional to the investment made. The MSSP believed that customers deserve the best security expertise and to retain their highly sought-after analysts, so it was essential to reduce the monotonous and repetitive tasks.

To achieve this, the CTO needed a solution that allowed them to automate “those time-consuming manual tasks, and those that have similar outcomes.  Something to take care of those initial research tasks that happen every time an alarm triggers or an event, or a threat is detected.  We know what needs to be done, so we want a tool that cut out all the manual steps. We want a tool that’s going to allow us to leverage the technology we’ve already invested in to create a more efficient and effective team”.

Straight from the Source

Swimlane & AWS serve as the binding agent for our security infrastructure. We have a diverse range of individual tools, but Swimlane allows us to unify them and generate higher-quality alerts, leading to faster detection and response times.



The Search for a Smart Solution

The MSSP’s team needed a solution that could help:

  • Offer a flexible platform that’s easy to implement, scale and integrate with a range of client tools
  • Automate and orchestrate repetitive tasks to save time, effort and overhead
  • Provide the ability to integrate with and leverage their existing AWS investment

The MSSP compared several security automation options and determined that Swimlane surpassed the others. Its low-code security automation flexibility allows for seamless integration with a variety of customer tools and adaptability to serve various clients. Swimlane’s platform has noteworthy features such as dynamic case management and customizable playbook building that simplify automation within the security operations center (SOC).

“Swimlane is going to serve as the central intelligence behind our technology infrastructure in the future. Its advantages include automation and orchestration, as well as its flexible and easy integration capabilities, which enable us to take a more impartial approach to product choice. We can integrate multiple tools, regardless of whether they are owned by the client or provided by MSSP. Our approach is not limited to a single vendor, offering us greater flexibility.”

Other security automation platforms limit teams to a select group of vendors for their SIEM, XDR and other security tools. Swimlane, however, offers a flexible integration framework through its API-first architecture, which allows for seamless integration with almost any product. This feature provides the necessary automation to enhance the quality of threat intelligence alerts and enable teams to focus on expert tasks instead of routine triaging.

The MSSP recognizes that threats can come from anywhere within an organization, not just the SOC. With Swimlane’s versatility, the MSSP plans to explore other areas of the organization where automation can improve processes.


Rapid Proof of Value

Swimlane quickly demonstrated its value to the MSSP’s security team, leading to a “60% increase in efficiency within 45 days of implementation”. This efficiency is expected to increase to 70-75% in the next six months, as Swimlane is adopted by the MSSP’s customers to improve performance. Swimlane acts as a central component in MSSP’s security stack, allowing for better alert quality and faster response times, resulting in a lower cost of entry for clients. Additionally, Swimlane has allowed the MSSP to take on more clients without the need to hire additional staff, providing high-quality services at a lower cost. 

Improve Security Metrics – “Swimlane & AWS serve as the binding agent for our security infrastructure. We have a diverse range of individual tools, but Swimlane allows us to unify them and generate higher-quality alerts, leading to faster detection and response times.”

Improved Event Management – “We’ve seen a significant increase in our ability to manage and prioritize events quickly, using SIEM and EDR playbooks.”

Increased Client Base – “By utilizing Swimlane, we’ve been able to take on more clients without the need for additional staff, resulting in a lower cost for clients while providing higher-quality services.”

Explore Swimlane Turbine

The world’s most capable security automation platform

Explore Turbine