Streamlined Security Operations and Response Times
Erik Battle, FoodChain ID’s CIO, described the company’s security operations goals. “We have a multi-faceted business, and our IT environment is distributed across multiple clouds and geographies,” he said. “We need to continually improve visibility across the environment while managing the risk of potential cyber threats, particularly around phishing and ransomware.”
Consolidated Visibility Allows Efficient Integration Across Business Acquisitions
While the core FoodChain ID business grows, the company has regularly acquired companies to expand its technology base or add customers. The FoodChain ID security team is responsible for managing risk and integrating an acquired firm after a deal closes.
Efficiently and effectively integrating a new business with a different security technology stack can pose challenges to any security team. According to Battle, “We want to get a single security view across our environment, and the GreyMatter platform helps to achieve that with its technology-agnostic approach. With acquisitions, we have to integrate IT security stacks with combinations of different endpoint protection, different firewalls, and multiple clouds. We need to quickly ingest new business units to maintain applications and our previous approach could not tie things together. GreyMatter helps us to quickly gain security visibility to new units and infrastructure, and then facilitate swapping out security technologies over time to standardize and gain efficiencies.”
84% Reduction in False-Positive Alerts Enables Proactive Security Initiatives
Before engaging with ReliaQuest, the FoodChain ID security team had to sift through alert noise, a task that distracted from delivering on more impactful security projects. As Battle described, “Working through false-positive alerts was a drain on the team. You can’t spend time on projects adding more business value when much of your time is spent triaging false-positive alerts.”
ReliaQuest GreyMatter, a cloud-native security operations platform built on an Open XDR architecture, has enabled the FoodChain ID security team to reduce false positives by 84%. Rather than spending a disproportionate amount of time on manual tasks and basic investigation of every security alarm, they can now focus on initiatives such as improving identity management, consolidating security tools, and supporting the business as the organization changes and grows.
Streamlining Security Operations Results in 81% Improved Response Times
External threat actors regularly attempt to compromise sensitive data, and Battle knows that the ability to quickly respond to threats is critical for his team. The FoodChain ID team has worked with ReliaQuest and the GreyMatter platform to drive down resolution times so they can stop threats earlier in the kill chain. Contextual threat intelligence, and expert threat and alert investigation performed by ReliaQuest experts, has helped the team continually drive down the mean time to resolve (MTTR) security incidents. In the latest quarter, the FoodChain ID team reduced resolution time by 81%, so MTTR is just over a day—despite an overall increase in alert volume.
The FoodChain ID team can investigate threats and quickly take action leveraging the automations and playbooks inside GreyMatter. As Battle described, “We use a variety of tools in our security program, including QRadar and CrowdStrike. With GreyMatter, investigations auto-populate relevant artifacts from across the environment so we avoid pivoting between security tools, and we can use playbooks to launch remediation actions in response to threats. The end result is that we can identify and respond to threats more quickly.”
Gaining Visibility and Insight to Better Manage Risk Leads to 15% Expansion in MITRE ATT&CK Coverage
Utilizing security metrics from GreyMatter has enabled Battle and the FoodChain ID security team to consistently communicate security goals, status, and the security operations roadmap with the company’s executive team and employees. The GreyMatter Security Model Index provides board-level metrics and reporting that the FoodChain ID team uses to understand its current statusand how the ReliaQuest–FoodChain ID partnership is performing. The Model Index also helps FoodChain ID develop a more accurate sense of its coverage and ability to identify, detect, and respond to the threats facing its business. This has enabled the company to understand and expand its threat detection coverage mapped to the MITRE ATT&CK framework by 15%.
In summarizing the relationship, Battle highlighted, “ReliaQuest’s approach to security provides us with strategic flexibility. As FoodChain ID grows and our security strategy evolves, ReliaQuest and GreyMatter can support that strategy no matter what security tools we may decide to deploy or the cloud infrastructure we use. ReliaQuest and GreyMatter’s flexible approach allow and enable the FoodChain ID to design our security model that fits our business, and the collaboration keeps things secure.”