Objectives
1. Reduce mean time to respond (MTTR) from 1 hour to 15 minutes,
2. Improve consistency in off-hours (nights, weekends, and holidays).
2. Improve consistency in off-hours (nights, weekends, and holidays).
Solution
To date, Salem has investigated alerts from this client's endpoint detection and response (EDR) tool. The client team, including their MSSP, already actively reviewed most alerts from this environment, but wanted to get better. Salem is part of a greater vision of leveraging automation to reduce MTTR by looking at all alerts but only prioritizing critical threats, allowing the client's security team to focus on high-impact incidents.
Impact
Salem analyzed alerts from 65,000 endpoints and achieved the following:
10 min
average mean-time-to respond, a decrease from 1 hour
8%
of threat escalations from Salem are for low-severity alerts
2-4
average number of alerts Salem escalates per week
In the past, we have had to balance seeing more alert use cases with alert fatigue. Salem's automation helps us manage that balance.
Head of Incident Response at a Fortune 100 Enterprise
