A Buyer’s Guide for Modern Security Automation
A Deloitte Insights article recently reported that the energy industry is one of the top three sectors targeted for cyberattacks in the United States, and it is clear that attacks are on the rise. Attacks on energy accounted for 20 percent of the total number of incidents reported in 2016, and there was “an extreme uptick” in early 2018 in cyberattacks targeting the electric grid in North America.
With nation-state threat actors growing in number and expanding their capabilities, combined with (and possibly intersecting with) internal threats such as disgruntled employees or contractors, the need for effective risk management is now greater than ever.
Energy Customer Profile:
- Energy infrastructure company focused on electric and natural gas infrastructure
- Serves approximately 40 million consumers worldwide with $11.6 billion in revenues
- Headquartered in California with 20,000+ employees
- 20+ person Security Operations Team
The energy infrastructure company’s security operations center (SOC) team recognized the need to automate some security processes and manual tasks to improve response times and extend the reach of their internal security analysts. The company initially deployed Swimlane’s security orchestration, automation and response (SOAR) platform to manage internal corporate security processes. The SOC team integrated Swimlane with their security information and event management (SIEM) system, threat intelligence, phishing and case management solutions, among others, for an orchestrated and streamlined response to active threats.
Since deploying in early 2018, the company has expanded the use of Swimlane to encompass broader use cases to include such tasks as automating employee risk management for high-risk travel and employee verification, as well as domain, credential and host management to validate and minimize exfiltration. In addition, the company has expressed an interest in expanding the solution to other security operations throughout the company.
Some interesting usage stats include:
- Triaging over 250,000 SIEM alerts
- Managing 450 SIEM events per day
- Fully automating 15 percent of events end-to-end, with all events at least partially automated
While the solution’s ROI has not been measured quantitatively, the anecdotal ROI has been communicated in “time savings equal to at least one full-time SOC analyst.”
Straight from the Source
“Swimlane has helped us automate low-level alerts, which has helped our team focus on more proactive hunts. This single pane of automation (not ‘glass’) makes it easier to automate processes, review activity and prioritize responses.”
Internal User, Energy Infrastructure Organization