Fortune 500 Innovator Automates SecOps—Now Preventing Potential Breaches Faster
95% Reduction in Alert Noise. Outperforms Traditional SIEM. Prevents Potential Breach.
Financial services companies depend on technology to do business. Yet even the biggest commercial banks and the most established investment firms struggle to keep up with its rapid pace of change—and to protect themselves, their reputations, and their customers from a rising tide of ever more sophisticated cyber threats. According to recent industry reports, 16 of the 20 largest banks in the world have experienced significant cyberattacks within the past year, and more than half of all financial services organizations have fallen victim to distributed denial-of-service (DDoS) attacks or data theft.
In this climate, how can a small to mid-sized organization hope to reliably safeguard its high-value financial data? How can a lean financial services security team be confident that it can protect an IT infrastructure that criminals consider an especially attractive target? And how can this team do so cost-effectively and efficiently?
It’s a tall order, but our customer, the mortgage and title division of a major home-building firm, has long considered information security among its highest priorities. Its CISO, an industry-leading expert with decades of experience in risk management and network security, knew that the intelligence and reliability of Robotic Decision Automation made it the right software for the job.
Rising to the challenge: The Respond Analyst increases coverage, improves the existing security solution stack’s performance
Before implementing the Respond Analyst, the company had deployed a traditional security information and event management (SIEM) platform to collect and aggregate log data from security sensors across its environment. Their SIEM solution served one critical function: it provided a repository for the log data that the company needed to gather in order to meet compliance requirements.
But tuning the platform—and dealing with the enormous volume of non-actionable alerts that it generated—was becoming an increasingly onerous task. On average, the security team was spending one quarter of their total working time adjusting, monitoring, and maintaining the SIEM.
To develop a cybersecurity monitoring program that would rival those of much larger organizations, our customer wanted to increase sensor coverage, adding east-west traffic monitoring to guard against attempts to move laterally across the network. And the company’s IT leaders wanted to improve their ability to monitor the telemetry data their team was already collecting—all without adding employees to their staff, or significant increases to their budget.
Integrations with open-source tools make the Respond Analyst effective and affordable
After they were invited into a design partnership with Respond Software, our customer discovered how well the Respond Analyst could meet its security needs—and how well a strong partnership with its creators has supported the deployment. “Respond has been responsive to our feedback, and this has helped the Respond Analyst perform better in our environment,” says the CISO.
Today the financial services company continues to maintain its SIEM solution side-by-side with the Respond Analyst. Over the past year, the SIEM platform has generated tens of thousands of escalated incidents, while the Respond Analyst has escalated only 160. Yet every legitimate incident the SIEM detected was also escalated by the Respond Analyst, and the Respond Analyst escalated several incidents that the SIEM missed.
There is no way to be sure, of course, but any one of the incidents the SIEM missed could have resulted in a breach, and had it done so, the incident would likely have cost our customer tens of thousands of dollars, if not more.
Today, with the Respond Analyst integrated into their security solution stack, and working alongside their human security analyst team, our customer has seen a 95 percent reduction in alert volume. What’s more, they’re more confident in their ability to detect malicious activities, to reduce attackers’ dwell time on their network, and to achieve enterprise-grade, industry-leading results: all with a small team and limited budget.