Zero-Trust: Putting Alert Overload to Bed Once and For All

Zero-Trust: Putting Alert Overload to Bed Once and For All

In 2016, the world’s leading mattress retailer acquired a mattress manufacturer – and with it, they inherited the acquired company’s security infrastructure, including new licenses of Carbon Black. Initially, the plan was to implement the software alongside their existing systems and use it to protect the business as a whole, but they didn’t have the resources in-house to get the technology up and running successfully.

Enter CRITICALSTART and its Managed Detection and Response (MDR) service team. During a meeting with the customer, CRITICALSTART demonstrated how fast and simple it would be to implement the software using its purpose-built Zero-Trust Analytics Platform (ZTAP) under the watchful eye and constant monitoring of the CRITICALSTART Security Operations Center (SOC) team.

CRITICALSTART worked with Carbon Black, as well as partners Cylance and OpenDNS, to incorporate all of the customer’s end points and begin managing them via ZTAP. This was a turning point for the customer – historically, they battled extreme alert overload, exhausting their small internal IT team that was forced to sort through thousands of daily alerts stemming from across their security infrastructure. There was simply no way to review them all, let alone investigate them at any level of depth. Therefore, they were left to “cherry pick” alerts, and in some cases, turn off key alerting functionality altogether, which ultimately compromised security. And with the acquisition of the new company – and all their systems – the alert overload problem and resulting vulnerability would only get worse.

But with CRITICALSTART, alert overload was no longer an issue. The CRITICALSTART CYBERSOC used ZTAP to manage and monitor the customer’s alerts, ultimately reducing the number of alerts by 99.9%. The customer went from 550,000 security alerts to 31 incidents to 1 escalation. So now, the customer’s own IT team can stop sifting through piles of false-positive alerts and instead focus on those that truly are a threat – and redirect the bulk of their time to more strategic opportunities.