TMCnet News
Advanced Threat Analytics Solves the Alert-Overload Problem with New Event Orchestration Platform

DALLAS, Oct. 4, 2017 /PRNewswire/ -- Advanced Threat Analytics (ATA) today announced its Alert Classification Platform, an innovative event-orchestration solution that takes a fundamentally new approach to security alert classification. Rather than alerting on "suspicious events" like security information and event management (SIEM) and other traditional systems do, the Alert Classification Platform leverages the power of network data, customer-specific patterns, white-list data and crowdsourced event-reduction playbooks to gain a deep understanding of normal network traffic and behavior. The system then uses this information to cleanse the alert pool by removing all "normal" events, leaving only genuine threats behind.

The Alert Classification Platform, which integrates with SIEMs and other "chief offenders" of the alert-overload problem, is already deployed in 20 managed security services providers (MSSPs). These initial deployments have reduced alert volume by an average of 99.9%, which enables incident responders to focus only on genuine threats. This greatly improves their effectiveness while also enabling MSSPs and enterprises to control operating costs in their security operations centers (SOCs).

Alert Overload Dictates Operating Models

"The alert-overload problem has become so bad that it is dictating MSSP and enterprise SOC operating models. We call this 'Alert Tyranny,'" said ATA President Alin Srivastava. "The ATA Alert Classification Platform eliminates this onerous problem by automating the investigation and removal of false-positive alerts, which means incident responders can focus all of their time on potential legitimate threats. This event-orchestration capability enables SOC teams to break free of Alert Tyranny and optimize deployment of their security resources."

Born of Necessity

"Today's incident-response tools are simply automating a manual workflow that is still driven by false positives and redundant alerts. In other words, SOC operators are investing in tools that automate a fundamentally broken process; which, when you stop and think about it, caused us to re-think things," said Critical Start CEO Rob Davis. "The Alert Classification Platform actually fixes the process. Its 'zero-trust' model looks at everything and continuously learns through crowdsourcing event reduction so only bad or unknown items are left to investigate. ATA does not force us to find a needle in the haystack – it gets rid of all the hay so we can focus all of our efforts on the needles."

Efficient Enterprise SOC and MSSP Operations

With offices in New York City, San Francisco and Newport Beach, Calif., Halcyon Financial Technology, L.P. specializes in managed security and IT services for small- to medium-sized financial services companies. "Our clients turn to us because the financial services industry is built on trust, and operating in today's complex financial markets requires a sophisticated, high-performance technology infrastructure with as nearly bulletproof security as possible," said Gazi Ali, Director of Client Services, Halcyon Financial Technology, L.P. "Using ATA's platform, our clients have seen a 99% average reduction in alerts, which results in more efficient use of limited IT budgets and security analyst time, as well as better protected networks."

Industry's First 'Mobile SOC'

About Advanced Threat Analytics

View original content with multimedia: http://www.prnewswire.com/news-releases/advanced-threat-analytics-solves-the-alert-overload-problem-with-new-event-orchestration-platform-300530666.html

SOURCE Advanced Threat Analytics