How adding SOAR turned ineffective MSSP into valuable asset
The relationship between in-house security teams and managed service providers is becoming more complex. With the emergence of MDR, companies are able to outsource more of their incident detection and response. Whether you’re working with an MDR or MSSP, optimizing the value you get from your security budget is a must.
D3 Security, a leading provider of Security Orchestration, Automation, and Incident Response (SOAR), was able to help a global financial technology company. They greatly increased the contribution they were getting from their MSSP by getting them working on D3 Seucrity’s XGEN SOAR. You can read a detailed case study about that project here, including how the client’s in-house security team quickly saw a 10X increase in their alert-handling speed.
In this post, DataSolutions, the leading IT distributor of D3 Security in the UK and Ireland, takes a closer look at how D3 helped improve the relationship between the client and their MSSP.
Challenges with the MSSP
Before implementing D3, the FinTech Company was struggling to get value out of their MSSP. Because of the issues with the complex software environment, MSSP analysts could rarely even handle basic alerts without consulting with the FinTech Company’s SOC team. Alerts that didn’t require escalation would routinely end up back in the SOC queue.
Issues with the technology stack also made the FinTech Company vulnerable to surpassing their alert quota with the MSSP. For example, when the company replaced an IDS tool, it created a spike of 150 alerts per day. The MSSP was charging per alert, so the company’s software struggles were directly affecting their bottom line.
How SOAR Helped the SOC and the MSSP
By implementing D3 XGEN SOAR, the FinTech Company was able to integrate and streamline their security technology, improving their working relationship with the MSSP while bringing great benefits to their SecOps overall.
The overall improvements (which you can read about in much more detail in our FinTech Case Study) were striking. Alert response times in the SOC improved 10X, and D3 was able to autoclose 24% of alerts. Eight tools were integrated with D3, with more on the way. Codeless playbook building, better reporting, and a guided setup module for integrations all helped the company’s in-house team achieve their operational goals and minimized time wasted on repetitive tasks.
In addition to the benefits seen in the SOC, D3 also revolutionized how the MSSP supported the FinTech Company. With D3’s full enrichment, end-to-end playbooks, and product integrations, the MSSP now rarely has to consult with the SOC team to resolve alerts. Because the MSSP can access D3, which aggregates alerts and intelligence, and orchestrates across tools, the FinTech Company doesn’t need to grant them access to all their internal tools, which makes their data more secure.
With D3, the MSSP has become a much more cost-effective and accountable partner, responding to alerts 3-4X faster in just the first few months after implementation. Less alerts are going to the MSSP as well, which means the FinTech Company is spending less money. With D3’s playbook builder, the Manager of Security Operations was able to filter out the types of alerts that were causing quota-threatening spikes before they got to the MSSP.
Read the Full SOAR Case Study
You can read D3 Security’s complete FinTech Case Study here to learn more about the challenges the client was facing, how D3 helped, and how the client’s use of the platform is evolving to incorporate different teams throughout the company.
If you want to see for yourself how next-generation SOAR can help your company, schedule a one-on-one live demo today.
This blog was originally published on the D3 Security website, by Walker Banerd on the 5th July 2021 You can find the original blog post here.