How adding SOAR turned ineffective MSSP into valuable asset

How adding SOAR turned ineffective MSSP into valuable asset

The relationship between in-house security teams and managed service providers is becoming more complex. With the emergence of MDR, companies are able to outsource more of their incident detection and response. Whether you’re working with an MDR or MSSP, optimizing the value you get from your security budget is a must.

We were able to help one of our clients, a global financial technology company, greatly increase the contribution they were getting from their MSSP by getting them working on D3 XGEN SOAR. You can read a detailed case study about that project here, including how the client’s in-house security team quickly saw a 10X increase in their alert-handling speed. In this post we’ll take a closer look at how D3 helped improve the relationship between the client and their MSSP.

 

Challenges with the MSSP

Before implementing D3, the FinTech Company was struggling to get value out of their MSSP. Because of the issues with the complex software environment, MSSP analysts could rarely even handle basic alerts without consulting with the FinTech Company’s SOC team. Alerts that didn’t require escalation would routinely end up back in the SOC queue.

Issues with the technology stack also made the FinTech Company vulnerable to surpassing their alert quota with the MSSP. For example, when the company replaced an IDS tool, it created a spike of 150 alerts per day. The MSSP was charging per alert, so the company’s software struggles were directly affecting their bottom line.

 

How SOAR Helped the SOC and the MSSP

By implementing D3 XGEN SOAR, the FinTech Company was able to integrate and streamline their security technology, improving their working relationship with the MSSP while bringing great benefits to their SecOps overall.

The overall improvements (which you can read about in much more detail in our FinTech Case Study) were striking. Alert response times in the SOC improved 10X, and D3 was able to autoclose 24% of alerts. Eight tools were integrated with D3, with more on the way. Codeless playbook building, better reporting, and a guided setup module for integrations all helped the company’s in-house team achieve their operational goals and minimized time wasted on repetitive tasks.

In addition to the benefits seen in the SOC, D3 also revolutionized how the MSSP supported the FinTech Company. With D3’s full enrichment, end-to-end playbooks, and product integrations, the MSSP now rarely has to consult with the SOC team to resolve alerts. Because the MSSP can access D3, which aggregates alerts and intelligence, and orchestrates across tools, the FinTech Company doesn’t need to grant them access to all their internal tools, which makes their data more secure.

With D3, the MSSP has become a much more cost-effective and accountable partner, responding to alerts 3-4X faster in just the first few months after implementation. Less alerts are going to the MSSP as well, which means the FinTech Company is spending less money. With D3’s playbook builder, the Manager of Security Operations was able to filter out the types of alerts that were causing quota-threatening spikes before they got to the MSSP.

 

Read the Full SOAR Case Study

You can read our complete FinTech Case Study here to learn more about the challenges the client was facing, how D3 helped, and how the client’s use of the platform is evolving to incorporate different teams throughout the company.

If you want to see for yourself how next-generation SOAR can help your company, schedule a one-on-one live demo today.

Walker Banerd

Walker is the Communications Manager at D3. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.

XGEN SOAR demo image

XGEN SOAR Demo

Speak to a SOAR expert about your automation strategy.

See our product in action.

Let's Get Started