• CASE STUDY

How fernao magellan Automates over 100 Use Cases

Find out more about how Swimlane Turbine AI-Enhanced security allowed fernao magellan to mitigate alert fatigue so that analysts could focus on serious alerts and incidents.


Background

fernao magellan GmbH, a leading MSSP in Germany, has been a pioneer in IT security since 1992, providing comprehensive protection for businesses of all sizes, from medium-sized enterprises to global corporations. With expertise spanning cyber defense, infrastructure, data analytics, monitoring, and cloud solutions, they offer bespoke security strategies and managed services. Their commitment to innovation and collaboration drives the development of unique, automated, and integrated solutions to ensure the security and continuity of their clients’ digital operations.

With 20 years of experience in cybersecurity, Mike Schneider, senior analyst at fernao magellan, leads the computer emergency and response team. Schneider shares his experience leveraging Swimlane.

fernao magellan Saves 70% of Time with Swimlane Security Automation

German MSSP, fernao magellan, talks about how Swimlane helped their team consolidate case management, improve alert triage, and ultimately save 70% of the time previously spent on incident response.

SOC CHALLENGES

Unique Security Service Challenges

  • Prior to using Swimlane, fernao magellan “had issues with case handling, as it was spread across three different tools: one system where the alerts are triaged, then switch to another system to create a case for this alert, and then go to the ticket system to inform the customer about it,” said Schneider. This fragmented workflow complicated operations and slowed incident response.

Analysts Disrupted by False Positives

  • fernao magellan deals with thousands of alerts every day, which can overwhelm analysts. The volume often leads to distractions caused by false positives, diverting their attention from critical alerts. Schneider emphasizes, “We needed a system that takes the false positives out, so we can focus on the alerts that are crucial.”

Inefficient Customization of Client-Centric Solutions 

  • Customizing solutions manually for each client was a time-consuming endeavor at fernao magellan. Schneider and team needed to address a diverse array of client security needs and requirements with precision and efficiency. fernao magellan’s dedicated team of experts needed a flexible security automation solution to help them deliver highly tailored solutions for their clients.

THE SECURITY AUTOMATION SOLUTION

Security Automation Best Practices

  • When seeking an automation solution, Schneider was clear about his criteria. For peers who are currently evaluating security automation platforms, he recommends “A comprehensive solution that supports everything you need, including all modules and versions. Look at the community to see what people say and like about the product. Ensure your team can use it effectively. And look how good and fast the support is.”

A Flexible Solution For Every Skill Set

  • fernao magellan needed a tool that could take advantage of their team’s advanced experience and expertise. Schneider emphasizes, “When a tool is fully no code, it can never be flexible enough. It’s just not possible. The ability to use Python is essential for the flexibility an MSSP needs.”

On-prem Deployment Feature Parity

  • fernao magellan’s decision to purchase Swimlane was influenced by the fact that Swimlane’s on-premises offering was just as robust as its cloud counterpart. This ensured fernao magellan always has consistent, high-quality features regardless of the environment. During the evaluation process, Schneider found that no competitor could provide the on-premises feature parity that Swimlane offered.

Automate Suspicious Web Browsing Investigations

  • Swimlane has significantly improved fernao magellan’s ability to handle suspicious web browsing incidents. fernao magellan uses Swimlane and their firewall to efficiently manage nearly 90% of these cases by automatically investigating IPs linked to suspicious activities. Integrating data from sources like VirusTotal and AlienVault, Swimlane helps fernao magellan quickly differentiate real threats from false alarms to streamline operations and enhance overall security measures.

Improved Threat Detection and Response 

  • SentinelOne, Sentinel Defender, and Microsoft are the detection vendors for 60-70% of fernao magellan’s clients. Swimlane integrates with these threat detection platforms to combine data from all of these sources into a single application for fernao magellan. From there, Swimlane automatically filters and prioritizes security incidents for fernao magellan. This automated solution saves the team about 60% of the time typically spent on threat detection and response.

Tailored and Timely Client Reports

  • With Swimlane, in just a few clicks, fernao magellan analysts are able to customize reporting to meet their customers’ unique preferences. This helps to ensure that Schneider and his team can send timely, tailored, and insightful communication to their customers.

RESULTS WITH SWIMLANE TURBINE

  • 140 Customized Use Cases Implemented: In less than 2 years, fernao magellan significantly enhanced its operational capabilities and efficiency by automating critical use cases such as case management, client communication, incident response, alert triage, and threat intelligence.
  • 30% Time Savings with Centralized Platform: From enrichment to threat intelligence and case management, Swimlane provides a centralized approach where all processes are integrated into one tool, enhancing overall efficiency. Schneider pointed out, “Having everything in one tool without switching between 3-4 different systems would save about 30% of time, just handling cases.”
  • Additional 30-70% Time Savings per Use Case: “Using automation to close cases instead of the analysts would save us between 30-70% depending on the use case”. This approach eliminates manual case closures, allowing analysts to redirect their efforts toward a more proactive threat detection and response strategy.
  • Reduction of False Positive Alerts: “Swimlane really helps cut down on false positives—it’s one of the main things it’s great at.” said Schneider. Swimlane filters alerts, ensuring only important threats are escalated to the team for further investigation, meaning that the team can focus their time on critical alerts.

Best-in-Class Customer Experience

In addition to the results that fernao magellan realized by using Swimlane, they also had a best-in-class customer experience. The team was able to lean on Swimlane’s customer support for help managing and troubleshooting issues. This level of support reliability ensures that fernao magellan can maintain operational efficiency and security effectiveness without prolonged downtime or disruptions.

Straight from the Source

I would recommend Swimlane because of the outstanding support. Whenever we have an issue, it never takes more than 5 minutes to receive the assistance needed. I’ve consistently had excellent experiences with Swimlane’s customer support.


Mike Schneider

CERT Manager / Senior Security Analyst
