and Improved Visibility
“We need to continually up our security game because adversaries like to go where the money is. In order to deliver on security projects, the team doesn’t have time to be triaging noisy security alerts,” said Andrew Opicka, information security engineer at FCCU. “Our security operations have to be really efficient to achieve FCCU’s goals and protect and serve our members.”
Finding a More Adaptable Approach to Security Operations
In the past, FCCU faced challenges in finding a security partner capable of growing alongside FCCU and adapting to an ever-evolving security technology toolset. As Opicka mentioned, “Our security technology stack changes and evolves. We had run into situations where we wanted to deploy a tool, but a provider couldn’t support that change. We needed someone who could integrate with the tools we have today, and what we might use in the future.”
Liberating More Time to Focus on Strategic Projects with 93% Reduction in Alert Noise
Before deploying ReliaQuest GreyMatter, the FCCU security team struggled to wade through alerts, leaving little time for key security initiatives. As Opicka mentioned, “Before ReliaQuest, we were dealing with a flood of alerts, most of which were false positives. The previous provider we engaged had a rigid approach that didn’t provide room for tuning to fit our environment. We needed more responsiveness and flexibility, and we found that with ReliaQuest.”
ReliaQuest GreyMatter, a cloud-native security operations platform built on an Open XDR architecture, has enabled FCCU’s security team to focus more time on projects. Instead of spending excessive time on manual tasks, the FCCU team can focus on rolling out new technology and on other initiatives that improve FCCU security.
GreyMatter has reduced alert noise for FCCU by 93%. “When we get an alert notification from GreyMatter, it is something we pay attention to. GreyMatter cuts through the chaff so we can focus on and resolve more substantive security incidents. Not dealing with alert noise also allows us to focus to drive key projects rather than sifting through false positives and duplicates,” Opicka said.
Accelerating Response with the GreyMatter Mobile App
FCCU was among the first organizations to deploy the GreyMatter Mobile App. With the GreyMatter app, the FCCU team has been able to receive notifications, analyze incidents, and take action to resolve issues, all from their mobile devices. As Opicka commented, “The GreyMatter mobile app has allowed me to travel while on call without a constant email tether. Now, we can collaborate with the ReliaQuest experts to evaluate security alerts while on the go. It helps our team to understand and resolve security issues more quickly and effectively.”
Streamlining Security Operations’ Results with Improved Threat Response
As a financial institution, FCCU is a prime target for threat actors. Staying secure requires the FCCU team to be at the top of its game in detecting, investigating, and responding to threats. The longer a threat lingers, the greater the likelihood of damage.
Through GreyMatter threat detections, FCCU has expanded its MITRE ATT&CK coverage over time, moving the needle from 44% to 72%. FCCU has also accelerated its threat response thanks to GreyMatter’s ability to streamline investigations. GreyMatter automation informs FCCU investigations by auto-querying relevant technologies, eliminating duplicate alerts, and enriching alerts with contextual data from related technologies, threat intelligence, and historical information. By using the automated playbooks within GreyMatter, the FCCU team is better able to investigate threats and quickly take action while leveraging their existing tools. As a result, FCCU has reduced its mean time to resolve (MTTR) by 70%.
Gaining Visibility and Improving Risk Management
Using the security operations performance metrics from ReliaQuest allows Opicka to consistently communicate security challenges and goals to the company’s executive team and across the organization. Prior to ReliaQuest, the FCCU team found it difficult to clearly understand and manage their security risk. Now, by understanding deployed threat detections mapped to the MITRE ATT&CK framework along with understanding security team performance metrics and MTTR, FCCU has a better sense of its standing against the risks most critical to its business. Opicka mentioned, “We previously did not have a simple dashboard to understand status. The GreyMatter Security Model Index provides the metrics we need to understand how our program is performing.”