Security Services Provider Reduces MTTR by 25%

April 7, 2022

People

Customers, Customer Success, Executive Management, Security Analysts

Ask-a-System

Apps

Encase, AXIOM, Crowdstrike, Splunk, ServiceNow, Custom

About

A managed security service provider (MSSP) delivers investigative, discovery, and forensic solutions. The firm’s forensic investigators are experienced in protecting organizations against data compromises, trade secret theft, and unauthorized access.

Challenge

IT security is complex and overwhelming for many organizations. Too few analysts face too many alerts from too many security tools. Therefore, many organizations without enough security resources outsource information security to MSSPs. However, MSSPs find themselves in the same situation: they have many disparate tools producing tens of thousands of alerts for too few people to investigate. Security analysts are often overwhelmed with determining, across diverse customers, which alerts are genuine and which can be ignored. As alerts arrive, analysts at this MSSP use multiple run books to document research and remediation processes. Operating the run books becomes more challenging as customers acquire additional software tools. More tools force analysts to manually update multiple systems with the same forensic information and remediation processes. The process takes too much time.

Solution

This MSSP implemented Krista Intelligent Automation to reduce the complexity for security analysts and automate run books. Krista connects multiple security services and apps (Encase, AXIOM, Crowdstrike, Splunk) and uses AI to consolidate information and provide analysts a single view of an alert. Categorization includes filtering and sorting through alerts to identify which ones are genuine and need further investigation. Krista then pushes priority alerts to ServiceNow so analysts can document status and store information. Krista then automatically inputs this information into customer ticketing systems, removing several manual steps from the process and simultaneously informing customers of their threats. Since Krista automates each run book and formulates a conversation about each threat among analysts, customers, and systems, the conversation can be transferred to the next shift if necessary. Automating the remediation processes in Krista enables the company to change existing run books easily. If a customer adds a forensic tool or a process needs modification, Krista relieves analysts from implementing or remembering changes so they can focus on remediating threats at customer sites.

Results

Since implementing Krista, the organization has significantly reduced its time to investigate, document, and respond to security incidents. Reducing the time it takes to serve customers has allowed the company to grow top-line services revenue without needing to add security personnel. Overall, Krista has helped the organization reduce its mean time to resolution by twenty-five percent (25%) and improve its efficiency and effectiveness in managing its IT security operations.

“We are going through major growth and transformation to keep up with the cybersecurity market. During this time of transformation, we focused on building efficiencies in everything we do, and one of the primary areas was around our customer experience lifecycle. We would not have been able to transform and improve our customer experience without Krista.” - CEO, Managed Security Service Provider.
