SOAR’ing to Success: How a Major US Bank Streamlined their SOC

Reading Time : 3min read

According to the 2022 IBM Cost of a Data Breach Report, the global average cost of a data breach is $4.35 million. Data breaches in the US are even more costly, averaging over $9 million. However, it isn’t just the big players caught in the line of fire. IBM’s report also found that 83% of companies will experience a data breach soon, meaning financial institutions of all sizes — from local credit unions to Fortune 500s — are at risk. 

While ransomware attacks get the most time in the financial headlines, most breaches aren’t caused by external factors or threat actors. The majority of system availability problems actually occur due to a lack of staff knowledge and protective protocols, software issues and limited security visibility across the institution. However, “more visibility” is not synonymous with “seeing more alerts.” In fact, the opposite is true. Keep reading to see how Devo SOAR helped a leading US bank streamline its SOC.

Auditing the Alert Landscape

The security team of a top 10 US bank struggled to manage a flood of alerts from over 400 hard-coded rules in Splunk. In one case, a single rule designed to detect traffic to bad URLs in web proxy logs was triggered about 225 times per week. Each individual alert also required about 30 minutes of an analyst’s time to triage. 

While the team had established an effective way to distinguish true threats from false positives, the process involved manually checking each alert against other suspicious activities. The team checked for unusual increases in file transfers, spikes in network traffic, and attempts to reach other known bad URLs. They also cross-checked each alert with threat-analysis sites like VirusTotal. Out of the nearly 900 alerts triaged per month, only 3 required further escalation. That means 897 of the alerts triggered were actually false positives. Enforcing this single protocol required over 127 analyst hours per week.

Devo SOAR is in to Save the Day

When your SOC needs a hero, Devo SOAR is here to help. Devo SOAR, an AI-driven solution, is significantly easier to implement and use than competitive platforms. Plus, it yields a fast time to value, with most customers seeing a return on investment within 30 days. Devo SOAR enables your team to easily create playbooks with a no-code editor and its AI-driven assistant – Autonomous Detection and Response Assistant (AuDRA) – sits alongside analysts to guide playbook creation every step of the way. Additionally, Devo SOAR’s patented decision automation capability, proven to exceed human accuracy, enables your team to focus on the most critical alerts by leveraging AI to take actions that significantly reduce false positives.

With this technology at its fingertips, the bank’s security team was able to build automation workflows that mimicked all the steps, cross-checking and correlation they’d previously needed to perform manually per alert. The system also annotated each alert, providing full detail and context into what happened to provide visibility into the process and resulting solution.

Show Us the Money

The end result was that each alert from Devo SOAR required only 5 minutes. That’s an 83% reduction in analyst triage time. However, the team was cautiously skeptical about the quality of the results, so they did audit testing of Devo SOAR against their manual process.

The test showed that the SOC team not only saved time, but their results were also more accurate. With the manual process, security analysts made 98 mistakes per month (a 14% error rate), mischaracterizing threats or their severity. Once the SOC adopted Devo SOAR, error rates dropped to 21 mistakes per month (a 3% error rate). With the dramatic time savings, the SOC team shifted their analysts’ time to focus on proactive threat hunting instead of repetitive, reactive, mind-numbing tasks.

Ready to experience the same results? Schedule a demo

Not ready for a demo? Read our Buyer’s Guide on Intelligent Security Automation.

Ready to release the full potential of your security data?

Tour the Product Request a Demo