In case you missed it, you can still watch our recent workshop featuring Stephan Tallent, CRO at US-based master MSSP High Wire Networks, and Pierre Noujeim from D3 Security. The thought-provoking workshop, titled ‘Win More Business with Your Own MXDR and MITRE Offering’, is a must-watch for security leaders at MSSPs. Our presenters dissected how MSSPs can leverage automation to deliver profitable and scalable services while capitalizing on market shifts in the managed services industry.
Tallent, a renowned security services expert with over 20 years of experience in managed services, shared valuable insights into making the MSSP to MDR and MXDR evolution work for any organization. His know-how in building managed security service practices in different types of service provider businesses proved instrumental during the discussion. Noujeim, a product marketing manager at D3 Security and an automation expert, shared the tangible benefits of Smart SOAR.
From XDR’s role in risk reduction to the importance of deep EDR integrations, the workshop’s insights captured the challenges and opportunities MSSPs face today. Here are some key takeaways from the workshop that highlight the impact of D3’s Smart SOAR.
Navigating the Shift from Security Asset Management to Detection and Response
“Security asset management is not seen as valuable as it used to be. Now the real value is around detection and response, and being able to do that across everything else, not just the endpoints,” said Tallent, acknowledging the industry’s shift in focus. He explained how High Wire Networks used D3 for detailed alert triage and for automated decision-making mapped to the MITRE ATT&CK framework. Normalizing and correlating security telemetry and alerts from many different customer technologies into one workflow gave them a more consistent and robust security posture. “At the end of the day, what we were leveraging the D3 platform for was to go through a detailed alert triage,” said Tallent. “Go on and poll threat intelligence information, push up indicators of compromise to the threat intelligence and get stuff back. Have automated decisions being made based on MITRE ATT&CK. So much of this stuff became automated,” he added.
Streamlining Alert Management: Smart SOAR Achieves 99.86% Reduction
“Before D3 implementation, we were dealing with hundreds of thousands of alerts coming off of all the different technologies that were in play in the customers’ environments,” said Tallent. “What we were able to do with D3 was really reduce the noise by 125 times from what we were dealing with.” This massive reduction streamlined operations and focused the attention of their analysts where it mattered the most.
“Security today is a big data problem,” Tallent emphasized, pointing out the vital need to separate the signal from the noise. With D3, High Wire Networks went from handling around 144,000 alerts in a two-week test period to focusing on about 200 alerts per month that are truly worth their analysts’ attention. The 99.86% figure in the heading compares those two raw counts (200 is about 0.14% of 144,000); since the 144,000 covers only two weeks, the like-for-like monthly reduction is larger still.
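The triage flow Tallent describes (normalize alerts from different vendors, collapse repeats, enrich indicators against threat intelligence, decide automatically by ATT&CK tactic) is sketched below as an added example. It is not D3’s Smart SOAR code and does not reflect how High Wire’s pipeline is built; the two EDR field layouts, the alerts, and the threat-intel feed are all constructed inline for illustration, while the technique-to-tactic mapping uses three real entries from the public ATT&CK matrix.

```python
"""Added example (not D3 code): a minimal alert-triage pipeline.
Normalize vendor alerts to one schema, collapse duplicates within a time
window, enrich indicators against a threat-intel feed, and decide by
ATT&CK tactic.  All data below is constructed for illustration."""
from dataclasses import dataclass, field

# Constructed sample: raw alerts from two hypothetical EDR vendors that
# use different field names for the same facts.  Timestamps are epoch seconds.
RAW_ALERTS = [
    {"vendor": "edrA", "hostname": "ws-01", "technique": "T1003.001", "hash": "aa11", "ts": 1000},
    {"vendor": "edrA", "hostname": "ws-01", "technique": "T1003.001", "hash": "aa11", "ts": 1030},
    {"vendor": "edrA", "hostname": "ws-01", "technique": "T1003.001", "hash": "aa11", "ts": 1060},
    {"vendor": "edrB", "host": {"name": "ws-02"}, "mitre": {"id": "T1059.001"}, "sha256": "bb22", "time": 1100},
    {"vendor": "edrB", "host": {"name": "ws-03"}, "mitre": {"id": "T1082"}, "sha256": "cc33", "time": 1200},
    {"vendor": "edrB", "host": {"name": "ws-03"}, "mitre": {"id": "T1082"}, "sha256": "cc33", "time": 1201},
]

# Constructed threat-intel feed standing in for the "push IOCs, get stuff back" step.
THREAT_INTEL = {"aa11": "malicious", "bb22": "suspicious"}

# ATT&CK technique -> tactic (subset taken from the public ATT&CK matrix).
TECHNIQUE_TACTIC = {
    "T1003.001": "credential-access",  # OS Credential Dumping: LSASS Memory
    "T1059.001": "execution",          # Command and Scripting Interpreter: PowerShell
    "T1082": "discovery",              # System Information Discovery
}
HIGH_RISK_TACTICS = {"credential-access", "lateral-movement", "exfiltration", "impact"}


@dataclass
class Alert:
    """Common schema every vendor alert is mapped onto."""
    host: str
    technique: str
    indicator: str
    first_seen: int
    last_seen: int
    count: int = 1
    sources: set = field(default_factory=set)


def normalize(raw):
    """Map each vendor's field names onto the common Alert schema."""
    if raw["vendor"] == "edrA":
        return Alert(raw["hostname"], raw["technique"], raw["hash"],
                     raw["ts"], raw["ts"], sources={"edrA"})
    if raw["vendor"] == "edrB":
        return Alert(raw["host"]["name"], raw["mitre"]["id"], raw["sha256"],
                     raw["time"], raw["time"], sources={"edrB"})
    raise ValueError(f"unknown vendor {raw['vendor']!r}")


def correlate(alerts, window=300):
    """Collapse repeated (host, technique, indicator) alerts that arrive within
    `window` seconds of the previous one into a single alert with a count."""
    out, latest = [], {}
    for a in sorted(alerts, key=lambda x: x.first_seen):
        key = (a.host, a.technique, a.indicator)
        prev = latest.get(key)
        if prev is not None and a.first_seen - prev.last_seen <= window:
            prev.count += 1
            prev.last_seen = a.last_seen
            prev.sources |= a.sources
        else:
            out.append(a)
            latest[key] = a
    return out


def triage(alert, intel=THREAT_INTEL):
    """Automated decision: escalate / review / auto-close, driven by the
    ATT&CK tactic of the technique and the threat-intel verdict on the IOC."""
    tactic = TECHNIQUE_TACTIC.get(alert.technique, "unknown")
    verdict = intel.get(alert.indicator, "unknown")
    if verdict == "malicious" or tactic in HIGH_RISK_TACTICS:
        return "escalate"
    if verdict == "suspicious" or tactic == "unknown":
        return "review"
    return "auto-close"


def run_pipeline(raw_alerts=RAW_ALERTS):
    """Full flow: normalize -> correlate -> triage.  Returns one row per
    correlated alert: (host, technique, collapsed count, decision)."""
    alerts = correlate(normalize(r) for r in raw_alerts)
    return [(a.host, a.technique, a.count, triage(a)) for a in alerts]


if __name__ == "__main__":
    for row in run_pipeline():
        print(row)
```

On the constructed input, six raw alerts collapse to three, and only two of those reach an analyst: the LSASS credential-dumping hits on ws-01 escalate because the tactic is credential access and the hash is known-malicious, the PowerShell execution on ws-02 goes to review on a suspicious indicator, and the benign-looking discovery activity on ws-03 is auto-closed. Real pipelines tune the window, the tactic list and the intel sources per customer; the point is that the decision logic is explicit and reviewable rather than left to whoever is on shift.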
From Hours to Minutes: Boosting Analyst Incident-Handling Speeds by 88%
Tallent is well acquainted with the rigors of SOC life. “It’s a life-sucking job to sit there and look at massive amounts of data coming in and trying to figure out what you should be paying attention to,” he said. “You’re petrified that you might miss something and have a customer suffer from that,” he added, echoing what many studies on SOC burnout have highlighted previously.
Tallent praised D3’s automation capabilities, stating, “It wasn’t like we were automating and not doing as good of a job. It actually translated to the opposite, we were able to really fine-tune what needed to be looked at and it allowed our analysts to do a really good job focusing on their tasks.” He shared that automation significantly improved their response times, which, in turn, enhanced customer satisfaction.
Tallent highlighted the substantial impact of D3 Smart SOAR on High Wire’s response times, stating, “Really, D3 was a quintessential part of being able to be more effective, more responsive, and improve our SLAs around response times.” He laid out a compelling metric for the effect, saying, “We went from an average response time of 30 minutes to an hour to a turnaround time of 30 seconds of recognition and five minutes with analysts’ eyes on glass looking at the situation. Do the math there.”
So we did. Taking the midpoint of that 30-minutes-to-an-hour range (45 minutes) as the old average, and adding the 30 seconds to recognition to the five minutes until an analyst has eyes on glass (5.5 minutes) for the new one, response time fell by 39.5 minutes, a reduction of roughly 88%.
Tallent then explained the relevance of this drastic improvement. “Your people are your number-one expense and if they’re wasting time trying to figure out what they should be paying attention to, as opposed to mitigating risk, then your margins will suffer. And you might lose customers because you’re not doing a good job of reducing risk for them.”
Case Study: How High Wire Networks Eliminated 99% of Alert Noise and Increased Capacity 3x Without Adding Headcount
Avoiding Vendor Lock-in with Vendor-agnostic SOAR
Navigating the vast landscape of SOAR platforms can be daunting. With each platform claiming to be the best, it’s challenging to know which one will truly serve your specific needs. A critical aspect to consider, according to Tallent, is the importance of avoiding vendor lock-in.
Tallent shed light on the role that D3’s Smart SOAR played in fostering this independence. According to him, the breadth of D3’s integrations and response capabilities gave High Wire Networks the flexibility it needed to power its Managed Extended Detection and Response (MXDR) service, which must handle vast volumes of data and alerts from diverse customer environments.
Vendor lock-in can hamper an organization’s agility and ability to adapt to new technologies and trends. As Tallent noted, “The ability to have an open platform that allowed us to incorporate and support hundreds of different security technologies in play allowed us to meet the customer where they were at in many of the technology scenarios.” This perspective underlines the significance of an open, flexible platform in keeping pace with the dynamic nature of cybersecurity threats.
Tallent’s experience also indicates that some vendor-oriented or native XDR solutions tend to focus primarily on expanding the wallet share for their larger business rather than providing a comprehensive, flexible security solution. With D3, by contrast, the focus is on delivering robust, adaptable security that covers not just ingesting and processing data but also taking response actions when needed. “We liked the D3 platform because it gave us the ability to support and better operationalize any of the security technologies we’re running into… We’ve yet to run into a technology that we haven’t been able to get D3 to integrate into with full-blown support,” said Tallent.
Revolutionizing Managed Services: Smart SOAR Powers Profitable MXDR
This is just a fraction of the insights packed into our recent workshop, which you can watch here on demand. Learn more about Smart SOAR’s Event Pipeline, security and non-security use cases for MSSPs, and generating revenue through MITRE frameworks. Pierre also gave a quick demo of Smart SOAR where you can see how it handles credential dumping threats. Ready to transform your security operations? Sign up now for a personalized demo of Smart SOAR and experience the difference firsthand.