Running continuous monitoring and response for hundreds of customers around the world is challenging. A large managed security services provider (MSSP) with several 24/7 security operations centers (SOCs) located in North America, Europe, and Asia faced the common challenge of scaling to a growing number of customers with limited analyst headcount. With more customers came more security solutions and an ever-increasing number of alerts. They wanted to increase the productivity of the security team through orchestration and automation so staff could stay on top of alerts and keep their customers safe.
This became a reality through the implementation of the Swimlane platform. Swimlane’s leading security orchestration, automation and response (SOAR) solution helps this MSSP to scale and grow their business without adding headcount every time a new customer is onboarded.
U.S. government agency improves efficiency to keep pace with increasing threats
Federal agencies are massive and highly distributed organizations that represent the U.S. government in the eyes of many people worldwide. As such, this particular U.S. government agency has an outsized threat profile and an ever-growing number of daily attacks.
To counter these threats, the agency has a 24/7 security operations center (SOC) with a large staff. They rely on dozens of point security systems as well as sophisticated SIEM and network security platforms. They are tasked with typical SOC functions such as:
- Monitoring for anomalous activity
- Triaging malware alerts
- Basic intelligence gathering
- Forensic, endpoint and network investigations
- SIEM management
- Responding to PII and classified data spills
The Central Challenge
All of these point solutions and responsibilities generate tens of thousands of alerts every day. Prior to bringing on Swimlane, each alert had to be manually triaged and investigated. Much of the SOC’s time was spent on rote manual tasks such as cutting and pasting information to and from ticketing systems or manually searching for information stored in various separate databases. Staff were becoming simultaneously frazzled and bored with their jobs.
In the meantime, the number of both false alarms and genuine threats kept increasing. As a government agency, it has a fixed headcount and could not simply throw additional people at the problem. Eventually, the SOC would not be able to keep up with the ever-increasing number of both true threats and false alarms.
“We used to spend hours manually digging into multiple systems and looking through approved software lists… Now unauthorized software is usually a 15-20 minute incident. It’s all been automated.”
SOC Section Chief, U.S. Government Agency
Swimlane provides analysts with all the data they need upfront, as soon as the alert triggers, which allows for much faster analysis and remediation. Since implementing Swimlane, the agency has seen dramatic improvements in mean time to remediation. For some routine types of threats, it is seeing reductions of 75-90 percent in both staff and response time.
This speedy time to response and resolution is enabled by giving analysts an instant global view of the threat while simultaneously relieving them of tedious manual work such as ticket generation, updates, and looking up information in separate systems.
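To make the workflow described above concrete, here is an added illustration of the enrichment-and-ticketing pattern a SOAR playbook applies to an "unauthorized software" alert. It is not Swimlane's code and does not use the Swimlane API; the allowlist, asset inventory, alerts, severity rules and queue names are all constructed assumptions. What it shows is the part that used to be manual: checking the reported product and version against an approved-software list, looking up the host in a separate inventory, choosing a verdict and severity, and pre-filling the ticket so the analyst starts with the full picture.

```python
"""Toy SOAR-style enrichment playbook for unauthorized-software alerts.

Added example; all data below is constructed, not from any real agency or product.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed allowlist: product name -> approved version prefixes.
APPROVED_SOFTWARE = {
    "7-Zip": ["23."],
    "Google Chrome": ["12"],        # any 12x.* release
    "Microsoft Office": ["16."],
}

# Constructed asset inventory: the "separate system" an analyst used to query by hand.
ASSET_INVENTORY = {
    "WS-1042": {"owner": "jdoe", "site": "HQ", "classified": False},
    "WS-2077": {"owner": "asmith", "site": "Field Office 3", "classified": True},
}

# Constructed alerts in the shape an endpoint agent might emit them.
SAMPLE_ALERTS = [
    {"id": "A-1", "host": "WS-1042", "product": "7-Zip", "version": "23.01"},
    {"id": "A-2", "host": "WS-2077", "product": "UltraVNC", "version": "1.4.3"},
    {"id": "A-3", "host": "WS-9999", "product": "FreeScreenRecorder", "version": "2.0"},
]


@dataclass
class Case:
    alert_id: str
    host: str
    product: str
    version: str
    verdict: str                 # "approved", "unauthorized" or "needs_analyst"
    severity: Optional[str]      # None when no ticket is raised
    asset: Optional[dict]
    notes: list = field(default_factory=list)


def is_approved(product, version):
    """Allowlist check: product must be listed and version must match an approved prefix."""
    prefixes = APPROVED_SOFTWARE.get(product)
    if prefixes is None:
        return False
    return any(version.startswith(p) for p in prefixes)


def enrich(alert):
    """Run the lookups an analyst used to do by hand and decide the next action."""
    asset = ASSET_INVENTORY.get(alert["host"])
    case = Case(alert["id"], alert["host"], alert["product"], alert["version"],
                verdict="approved", severity=None, asset=asset)
    if is_approved(alert["product"], alert["version"]):
        case.notes.append("software on approved list; auto-closed")
        return case
    if asset is None:
        # Unknown host: do not guess, hand it to a human with the gap spelled out.
        case.verdict = "needs_analyst"
        case.severity = "medium"
        case.notes.append("host not in asset inventory; escalate for manual review")
        return case
    case.verdict = "unauthorized"
    case.severity = "high" if asset["classified"] else "medium"   # assumed severity rule
    case.notes.append(f"owner={asset['owner']} site={asset['site']}")
    return case


def build_ticket(case):
    """Produce the ticket fields that previously had to be cut and pasted by hand."""
    if case.severity is None:
        return None
    return {
        "title": f"Unauthorized software: {case.product} {case.version} on {case.host}",
        "severity": case.severity,
        "assignee": "soc-tier1" if case.verdict == "unauthorized" else "soc-tier2",
        "description": "; ".join(case.notes),
        "source_alert": case.alert_id,
    }


def run_playbook(alerts):
    """Enrich every alert and return (cases, tickets) ready for the analyst queue."""
    cases = [enrich(a) for a in alerts]
    tickets = [t for t in (build_ticket(c) for c in cases) if t is not None]
    return cases, tickets


if __name__ == "__main__":
    cases, tickets = run_playbook(SAMPLE_ALERTS)
    for c in cases:
        print(c.alert_id, c.verdict, c.severity, "|", "; ".join(c.notes))
    for t in tickets:
        print("TICKET:", t["severity"], t["title"], "->", t["assignee"])
```

Of the three constructed alerts, the first is auto-closed because the software is approved, the second becomes a high-severity ticket because the host is a classified asset, and the third is routed to a second-tier queue because the host is missing from the inventory. Sending the analyst the finished case instead of the raw alert is the "data upfront" effect the page describes; in a production playbook the dictionaries would be replaced by calls to the endpoint, CMDB and ticketing systems.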
The Section Chief estimates that the overall increase in efficiency is like a 50 percent increase in staff. This empowers security staff to be more proactive and really dig into anomalous issues. The new-found respect for the analysts’ time and expertise has additionally improved the morale for the entire SecOps staff and will undoubtedly lower staff turnover.