Deepwatch partnered with a healthcare organization to optimize their detection capabilities, significantly lowering the number of escalations, reducing their overall alert volume, and improving the noted true positive rates of their notifications.
Working with Ezer Group as the key partner, Deepwatch was able to greatly improve the customer’s managed detection and response capabilities delivered through their Splunk investment, improving visibility into the organization’s threat environment and significantly enhancing their cyber resilience.
The Challenge
Low Fidelity, High Volume Alerting
As a global organization delivering workforce education and training solutions to various healthcare organizations and providers, the customer faced significant challenges with the high volume of their alerts, many of which were false positives. Having a significantly complex security environment, the customer required specific customizations to achieve their goals while successfully delivering their unique compliance requirements and compensating controls.
Initial efforts to implement their solution resulted in significant challenges in dealing with the resulting alert volume and investigative workload. The resulting high alert volume and investigative workload of their initial implementation efforts deprived the team of the precious time needed to identify and resolve the critical threats to the business.
When seeking a managed security provider, the customer struggled to find one that offered not only the necessary Splunk expertise but also the flexibility needed to effectively address their existing security team’s obligations.
To overcome these challenges, the customer partnered with Ezer Group to identify a provider to assist with their alert volume, Splunk management, and regulatory requirements using their existing technology stack.
The Solution
Human-led, Splunk Expertise Tailored to Unique Challenges
Deepwatch experts implemented a tailored strategy to extend the capabilities of the company’s existing team, optimize their Splunk instance, and achieve high fidelity and actionable alerting. This approach continues to support the company’s current investments and compliance requirements.
Cyber Outcomes
The Deepwatch solution led to several key cyber resilient outcomes for the customer, including:
- Platform stabilization and optimization
- Improved visibility into complex security environments
- Significant reduction in alert volume through increased fidelity
- Greatly expanded capabilities for their existing SOC staff
- An overall improvement to the organization’s security program effectiveness
Deepwatch was pivotal in the customer’s successful cyber outcomes, saving them approximately three days a week of combing through alerts and improving their SOC team’s efficiency, saving millions of dollars that can now be reallocated to other areas of their business. As a result, the customer was able to begin discussing expanding their SOC to include additional peer companies.
Read the complete case study to learn how Deepwatch is committed to cyber resilience unique to the healthcare industry.