Automated security operations for managed security service providers (MSSP)
The Digital Investigative Group (DIG) is a Managed Security Services Provider (MSSP) startup based in Montana. The company’s goal is to bring cybersecurity to a place where, until recently, technology has not been a core focus. The DIG works with local government entities and managed service providers (MSPs) to help enhance their cybersecurity posture and defend against cyber threats.
DIG Chief Cyber Forensicator, Zach Tielking, puts it best, “we bring a higher level of security and certification to these smaller businesses”.
Automate Phishing Defense & SIEM Alerting
Zach Tielking, Chief Cyber Forensicator at Digital Investigative Group (DIG), talks about the importance of Swimlane as part of the company’s managed security services offering. Learn how DIG uses Swimlane to automate phishing workflows and process alert data in seconds.
As the DIG’s customer base grew and its reputation increased, so did its need for qualified cybersecurity professionals. And finding qualified cybersecurity experts was difficult — especially in Montana. Even now, there are an estimated 3.5 million unfilled cybersecurity positions in the United States, a 350% increase over the past eight years.
“There’s a large skills shortage, especially in Montana. There aren’t a lot of programs teaching cybersecurity here.” The DIG realized the difficulty in finding qualified individuals to protect their customers and identified a solution that could help fill the skills gap: security automation.
“In Montana, just like everywhere else, there’s been a real need for cybersecurity individuals. It’s been very difficult for us, as well as other businesses, to find those individuals. We really turn to automation to help ourselves be able to keep up and bring security to Montana.”
Building a Phishing Defense
The responsibility of an MSSP is to protect not only the technology and data but the people who use it as well. People are a prime target for cyber attacks, so much so that 85% of breaches involve a human element. The FBI’s Internet Crime Complaint Center reports that phishing is the most prevalent threat in the United States.
According to Tielking, “phishing still tends to be the number one attack vector. Humans are a big vulnerability inside of environments. To get solutions to help us process those phishing emails faster was the number one thing we needed inside automation.”
Phishing attacks frequently target employee emails, which means security teams, like the DIG, have to respond quickly and analyze thousands of emails to determine whether or not they are real threats. This requires lengthy manual review and analysis, something that takes up a great deal of time and team bandwidth.
The DIG needed to automate the phishing defense process, which is critical for protecting its clients from sensitive data loss. The winning automation solution needed to automate the phishing email investigation process so that the team could assess threats faster and take action before problems arose.
Straight from the Source
“When we were searching for automation, we found Swimlane to be one of the few products that actually allowed us a more versatile and custom build into automation.”
Zach Tielking, Chief Cyber Forensicator
Versatile Automation Across the Tool Stack
We built Turbine for the future of automation. It provides unparalleled flexibility and an environment-agnostic approach to deliver greater value than legacy SOAR, no-code automation, or a combination of SIEM and XDR solutions. There are 4 unique technologies that make Turbine stand out.
MSSPs serve a range of customers, each with their own unique business needs and applications. A security automation solution must be versatile and customizable to fit the complex needs of MSSPs and their customers – both now and in the future. That means no vendor lock-in or integration limitations. MSSPs also need to save time on mundane, repetitive tasks, so an automation platform should be easy to integrate with the existing infrastructure. As a core part of MSSP security operations, a best-of-breed solution will also automate across the tool stack to provide more visibility into previously siloed tools.
The DIG compared a range of security automation and SOAR vendors to find a platform that could automate beyond conventional security operations center (SOC) use cases. During the search, Swimlane stood out for several reasons.
Versatility and Customization: Tielking highlighted that these were required traits for their security automation platform. “When we were searching for automation, we found Swimlane to be one of the few products that actually allowed us a more versatile and custom build into automation. We saw, with other SOAR solutions, that they had canned, out-of-the-box stuff that would allow for a fast startup, but not a lot of customization past that. Where Swimlane was different – and why we decided to go with Swimlane – is that those initial options were frameworks that allow us to really customize to our business standpoint, and where we needed to go.”
Quick Time Savings: The first few weeks of implementing a new security tool are often the most important. For the DIG team, Swimlane’s fast turnaround meant they could process phishing data faster. The time savings were immediate.
“In the beginning, from our first initial call and setup, it was only a week and we were already processing through our data. Getting some of that information [processing] done first – this allowed us to take that time savings from phishing to build our SIEM solution. So, within the first couple of weeks, we had Swimlane up and processing our data, and adding the value of time savings to our business. It was fast.”
A System of Record for Security: “We use Swimlane as a central repository for all of our data coming in. We use it to automate all of our other tool stacks, to bring our tech into almost a ‘single pane of glass’ situation. That really allows them to work in one area – no one product, no one software – that keeps it easier for training, learning, and overall quality of life.”
5-Star Support: The experience with a vendor is just as important as a product’s capabilities. Tielking was immediately impressed with Swimlane’s support quality. “The Swimlane Support staff are amazing. They’ve been really accommodating. The support staff has helped me in every
Security Automation Fast Facts
Increased Endpoint Device Count
“Swimlane helped our staff be able to focus on those endpoints without the manual process.”
30-40% Time Savings
“This has really allowed us to cut back on the time it takes for us to make a determination”
Versatility & Customization
“We found Swimlane to be one of the few products that actually allowed us a more versatile and custom build into automation.”
“When it comes to support, Swimlane is above the rest.”
For the DIG, success happened quickly with Swimlane. Low-code security automation empowered their team to do more in less time, which led to quantifiable improvements.
Increased Endpoint Device Count: Tielking identified that Swimlane’s low-code automation “allowed our business to expand our endpoint device count from a couple hundred to now several thousand – without expanding our staff. It helped our staff be able to focus on those endpoints without the manual process.”
30-40% Time Savings: Tielking explained how the DIG team used Swimlane to automate their SIEM solution. “We brought in those alerts and help get some of the initial manual tasks that require a lot of tech time – to go and investigate those alerts – into our automation. This has really allowed us to cut back on the time it takes for us to make a determination on those different alerts we get out of our MDR and EDR solutions.” The savings were immediate: triage work that consumed “close to 30-40% of the time it takes” when done manually is “now just seconds inside of Swimlane”.
The DIG was invited to beta test Swimlane Turbine and experience its new features and power. One of the most exciting components in Turbine is faster, easier playbook building. For the DIG team, this was a game changer.
Continued Success with Swimlane Turbine: “Getting to work in the Turbine Beta program was a really great opportunity for the DIG. We got to see what’s coming. It shows the playbooks that will really lower the barrier-to-entry to create automations for our new techs that come on board. It really allows us to have more flexibility in using staff who haven’t had experience using or building in SOARs. With Turbine, I’m really excited because it’s going to allow a lot of our staff to get into automating the different processes we work on daily.”
Based on what they have seen in the beta, the DIG already expects impressive results from Turbine.
“The Turbine playbooks will probably be another 2x to 3x time-saving efficiencies to the DIG. We’ll be able to take those already semi-complex – or very complex – workflows we work with, and break them into a better method for running through these playbooks. It’s really exciting to see that we’ll be able to take our automations and push them to the next level.”