Advanced Threat Analytics Solves the Alert-Overload Problem with New Event Orchestration Platform
Cloud-based, Subscription Platform Reduces False Positive Alerts by 99.9% in Initial MSSP and Enterprise Deployments; Dramatically Reduces Costs and Improves Incident Response in Security Operations Centers
Oct 04, 2017, 08:30 ET
DALLAS, Oct. 4, 2017 /PRNewswire/ -- Advanced Threat Analytics (ATA) today announced its Alert Classification Platform, an innovative event-orchestration solution that takes a fundamentally new approach to security alert classification. Rather than alerting on "suspicious events" like security information and event management (SIEM) and other traditional systems do, the Alert Classification Platform leverages the power of network data, customer-specific patterns, white-list data and crowdsourced event-reduction playbooks to gain a deep understanding of normal network traffic and behavior. The system then uses this information to cleanse the alert pool by removing all "normal" events, leaving only genuine threats behind.
The Alert Classification Platform, which integrates with SIEMs and other "chief offenders" of the alert-overload problem, is already deployed in 20 managed security services providers (MSSPs). These initial deployments have reduced alert volume by an average of 99.9%, which enables incident responders to focus only on genuine threats. This greatly improves their effectiveness while also enabling MSSPs and enterprises to control operating costs in their security operations centers (SOCs).
Alert Overload Dictates Operating Models
Incident responders in MSSP and enterprise SOCs are struggling to investigate an overwhelming avalanche of daily security alerts, most of which are false positives. With today's networks protected by multiple security systems, each of which triggers hundreds to tens of thousands of alerts per day, these organizations have no choice but to hire more personnel to investigate the oppressive volume of alerts. This bloats operating costs and reduces security effectiveness, since employees are forced to waste enormous amounts of time investigating false-positive security alerts. In some cases, SOC operators resort to reducing alert volume by turning off security features or ignoring large numbers of alerts, which greatly increases the risk that legitimate security events will go undetected.
"The alert-overload problem has become so bad that it is dictating MSSP and enterprise SOC operating models. We call this 'Alert Tyranny,'" said ATA President Alin Srivastava. "The ATA Alert Classification Platform eliminates this onerous problem by automating the investigation and removal of false-positive alerts, which means incident responders can focus all of their time on potential legitimate threats. This event-orchestration capability enables SOC teams to break free of Alert Tyranny and optimize deployment of their security resources."
Borne of Necessity
Living this issue daily, ATA was founded in 2015 by a core team of security and SOC experts from Critical Start, an MSSP based in Texas. The founders were looking for a way to address the operational challenges they faced from alert overload and developed the patent-pending technology behind the Alert Classification Platform to solve it. They decided that other MSSPs and enterprises could benefit from this technology, which led to the formation of ATA. Since then, the company has signed up MSSPs and other Value Added Resellers and formed technology partnerships and integrations with key security vendors, including Carbon Black, Cylance, ProtectWise, Splunk and others.
"Today's incident-response tools are simply automating a manual workflow that is still driven by false positives and redundant alerts. In other words, SOC operators are investing in tools that automate a fundamentally broken process; which, when you stop and think about it, caused us to re-think things," said Critical Start CEO Rob Davis. "The Alert Classification Platform actually fixes the process. Its 'zero-trust' model looks at everything and continuously learns through crowdsourcing event reduction so only bad or unknown items are left to investigate. ATA does not force us to find a needle in the haystack – it gets rid of all the hay so we can focus all of our efforts on the needles."
Efficient Enterprise SOC and MSSP Operations
Mattress Firm, the leading national mattress retailer with 3,500 stores across 49 states and major ecommerce operations, turned to ATA when its network was generating more than 200,000 alerts per day. "After turning on ATA's platform, we reduced our alerts by 99% from 200,000 to 5 or 10 per day so now our security team is not overwhelmed and stressed out from chasing down false positives, redundant alerts or 'known good' items. Instead, our team has the time to focus on more strategic activities to protect our network," said Brad Hollingsworth, Director of Cyber Security for Mattress Firm.
With offices in New York City, San Francisco and Newport Beach, Calif., Halcyon Financial Technology, L.P. specializes in managed security and IT services for small- to medium-sized financial services companies. "Our clients turn to us because the financial services industry is built on trust, and operating in today's complex financial markets requires a sophisticated, high-performance technology infrastructure with as nearly bulletproof security as possible," said Gazi Ali, Director of Client Services, Halcyon Financial Technology, L.P. "Using ATA's platform, our clients have seen a 99% average reduction in alerts, which results in more efficient use of limited IT budgets and security analyst time, as well as better protected networks."
Industry's First 'Mobile SOC'
Another challenge for SOC analysts is that to review, analyze, remediate or delegate incidents, they need to be at their computers. If it is off-hours, they have to disrupt their personal lives to VPN into the network and triage the situation. To unchain security analysts from their laptops, ATA has also developed its Mobile SOC, the industry's first incident-response mobile app. The ATA Mobile SOC automatically synchronizes with ATA's cloud-based Alert Classification Engine to give security analysts full access to incidents as they happen, so they can be addressed on-the-go to expedite remediation. The ATA Mobile SOC is available for iOS and Android devices.
About Advanced Threat Analytics
Advanced Threat Analytics enables large enterprises and MSSPs to overcome the alert-overload problem. The company's Alert Classification Platform and Mobile SOC enable a new kind of security event orchestration that frees incident responders from alert overload, and enables them to effectively analyze and triage alerts anytime and anywhere. More information is available at www.advancedthreatanalytics.com.
SOURCE Advanced Threat Analytics