CASE STUDY
UnderDefense MDR Solution Helped US Government Organization Reduce Threat Response Time to 9 Minutes
Key Results
- 9 min: average time to identify, analyze, and deal with high and critical alerts
- 32%: share of threats occurring outside typical working hours that were promptly addressed thanks to 24/7 monitoring
- $700K saved after entrusting security tasks to UnderDefense
Background
Despite having all of the above in place, the client still had “security blind spots”. They also suffered from alert fatigue and delayed incident response caused by endpoint security and data silos.
The Challenge
Although the client’s company hadn’t experienced any breaches, they wanted to get ahead of the risk. Knowing about security risks and their potential consequences made the decision easy.
So, when the time came to choose a security partner, they considered the value and capabilities each company had to offer. With UnderDefense, it was the ability to “roll up your sleeves and get your hands dirty”. In other words, it was not just the alerting capabilities but also the ability to help the client resolve any issue.
Client Introduction
Industry: Government/Finance
Project Duration: December 2021 – ongoing
- QRadar
- Office365 + AD
- Windows Servers
- Palo Alto Firewall
- Cortex XDR
Covered Endpoints: 1200+
Automated Rules Enabled: 547
Challenges
- A limited internal IT team of 4 people without the expertise needed to process all alerts promptly
- The IT team was overwhelmed by alert fatigue, preventing them from concentrating on their primary tasks
- The inability to detect suspicious behavior in logs because of data fragmentation
- Alerts couldn’t be processed outside of standard business hours
- The inability to identify, assess, and respond to risks rapidly and effectively
- The inability to expand the team due to a lack of funding
Results
- Throughout the first 11 months, 12,500 alerts were identified, analyzed, and resolved, with 1,500 being of high or critical risk
- Around 1000 working hours were saved due to the reduction in the number of false positives
- A custom SIEM was created with automated rules to collect data from all security software
- 32% of threats occurring outside of the typical working hours were promptly addressed due to 24/7 monitoring
- The average time it took to identify, analyze, and deal with high and critical alerts was 9 minutes
- An estimated $700,000 was saved by entrusting monitoring responsibilities to UnderDefense
Outcomes
The client stepped back from the old security and log management style that required collecting as much data as possible without the capacity to handle it. They moved to the next-gen security approach introduced by the UnderDefense 24/7 Turnkey Managed Detection and Response (MDR) solution.
24/7 visibility and immediate threat response
As part of the MDR solution, UnderDefense provided a dedicated SOC team to detect, investigate, and respond to suspicious activity 24/7. With this approach, 32% of the alerts occurring after hours and on weekends were immediately addressed by the SOC engineers.
Optimized network monitoring and costs
Improved staff cyber hygiene
Additional intrusion barriers
A more trustworthy network environment
Being prudent makes all the difference