Managed Security Services Providers (MSSPs) are trusted with an array of security tasks by their clients: regulatory compliance, security readiness, security tool monitoring, consulting, and incident response. That’s no small feat for these cybersecurity operations (CyberOps) teams protecting customers. These services require analysts to manually perform repetitive tasks, which take a great deal of time and resources. ProCircular, a cybersecurity and compliance firm in the MSSP space, identified the need for a solution that could optimize these cybersecurity operations processes.
The answer: security automation. Next came the task of selecting an automation solution that offered the flexibility needed to meet their customers’ unique requirements and the power to support their current staff quickly.
Integrating and Adapting to Client Tool Stacks
ProCircular serves clients in a variety of industries – education, finance, government, healthcare, manufacturing, transportation, defense contractors, and more – many with regulatory and compliance requirements. To maintain strict compliance and meet unique business needs, companies in these verticals have begun to add more solutions to their technology environments. For MSSPs, this means more time managing unique, constantly changing environments for a range of clients.
ProCircular CTO, Brandon Potter, explains, “the time and the effort and the overhead to manually integrate and develop integrations into other platforms – or to reduce some of that manual overhead – really takes a toll.”
Their clients were “working to integrate more IAM (Identity and Access Management) type components and other user behavioral analytics pieces”. ProCircular desired a flexible security automation platform that would be able to integrate with a range of client tools, while also offering much-needed scalability and ease of implementation.
The Cybersecurity Labor Shortage
Across the United States, security leaders are hit hard by a widespread talent and skills shortage. The problem is twofold – there aren’t enough qualified security professionals to fill open positions, and less experienced analysts can’t get trained fast enough. With over 600,000 unfilled cybersecurity jobs in the United States, it’s no surprise that organizations turn to MSSPs for qualified security professionals. But no company is immune to the pains of the cybersecurity skills shortage, not even MSSPs.
“People are expensive,” Potter explains, “especially good people – and no one wants to provide an inferior service. We want the right talent, the right experts”.
You get what you pay for when it comes to security expertise. For ProCircular, it was a no-brainer: customers deserve high-quality security expertise. To keep ProCircular’s top, hard-to-recruit analysts engaged, that meant cutting down on mundane, repetitive tasks.
To do so, Potter needed a solution that allowed them to automate “those manual tasks and those repetitive tasks that have a very similar outcome. Or those first five things that are always done when an alarm triggers or an event or a threat is detected. Let’s remove the manual need for that. Let’s make sure we’re leveraging the technology to the fullest to provide more efficiency and capacity within the team”.
Straight from the Source
“Swimlane is really going to be the backend brain of our technology stack for the future. Not only will it help with automation and orchestration, but the big draw for us was the flexibility and ease of integrations for a more product-agnostic approach” – Brandon Potter
The Search for a Smart Solution
ProCircular’s team needed a solution that could help:
- Offer a flexible platform that’s easy to implement, scale, and integrate with a range of client tools
- Automate and orchestrate repetitive tasks to save time, effort, and overhead
After evaluating a handful of other security automation solutions, ProCircular found that Swimlane stood out above the rest. The flexibility of low-code security automation makes it easy to integrate with nearly any customer tool, as well as scale to meet the needs of countless clients. The Swimlane platform offers powerful features like dynamic case management and customizable playbook building that make it easy to automate and orchestrate across the security operations center (SOC).
“Swimlane is really going to be the backend brain of our technology stack for the future. Not only will it help with automation and orchestration, but the big draw for us was the flexibility and ease of integrations for a more product-agnostic approach…We’re able to integrate multiple different tool sets, whether they’re client-owned or ProCircular provided…We’re not going in with one vendor – we’re much more flexible.”
With other security automation platforms, teams can end up restricted to a shortlist of vendors for SIEM, XDR, and other tools. Swimlane’s API-first integration framework enables on-demand integrations with nearly any product. “It provides that much-needed automation and orchestration where we can integrate threat intelligence inquiries to really bring the high fidelity alerts up to the front. This gives us more time to hunt for the needle in the haystack, rather than triaging things that are known. We can spend expert time on expert tasks”.
ProCircular recognizes that threats aren’t confined to the SOC, but lurk in every corner of an organization. “Given the flexibility of Swimlane, we will absolutely look – even outside of the security operations center – for use cases where we might be able to enhance processes with automation”.
Security Automation Fast Facts
Improve Security Metrics
“Swimlane really is the glue that holds everything together in our security stack.”
Faster Event Triage
“We’re seeing a significant uptick in the number of events we can triage in a timely manner”
Growth in Customer Acquisition
“We’ve been able to add more clients strategically without expanding our cost with additional staff”
60% Efficiency Increase
“That 60% increase allowed us to really start analyzing the data and metrics coming in”
From the start, Swimlane was able to drive success for the security team at ProCircular. “During our 45-day proof of value time…we saw close to a 60% efficiency increase on our team. That 60% increase allowed us to really start analyzing the data and metrics coming in about how many alarms, what criticality, how fast can we get those.” Over the coming months, Swimlane is being adopted by ProCircular’s customers to enhance performance across the client base. “I would suspect in the next six or so months, that we’ll be close to a 70-75% efficiency rate”.
Improve Security Metrics: “Swimlane really is the glue that holds everything together in our security stack. We have all of these unique and individual tool sets. With Swimlane, we’re allowed to cohesively bring that together and provide those higher-fidelity alerts – and reduce our mean-time-to-detect and mean-time-to-respond.”
Faster Event Triage: “We’re seeing a significant uptick in the number of events we can triage in a timely manner, and declassify or raise the priority using some SIEM triage playbooking as well as some EDR playbooking.”
Growth in Customer Acquisition: “In order to do this much work, we would’ve had to add an additional three or four analysts immediately to handle the amount that we’re handling. So we’ve been able to add more clients strategically without expanding our cost with additional staff – in turn providing higher-quality services at a lower entry cost for those clients”.