Intelligent Security Orchestration and Automation hexadite.com 2017 Solving the Cybersecurity Capacity Problem

Solving the cybersecurity capacity problem

2017

Solving the Cybersecurity Capacity Problem

Overview

• About Hexadite

• Today’s Incident Response Challenge

• Intelligent Security Automation & Orchestration

• Customer Highlights

About Hexadite

STATS

FOUNDED 2014

HEADQUARTERS Boston

R&D Tel Aviv

INDUSTRIES COVERED

• Telecom

• Retail

• Media

• Insurance

• Financial Services

• Technology

• Energy

• Manufacturing

INVESTORS

HIGHLIGHTED CUSTOMERS

FOUNDERS

Led by ex-military intelligence IR experts, who have run SOCs/CIRTs and trained cyber analysts globally for over a decade.

Eran Barak, CEO

Barak Klinghofer, CPO

Idan Levin, CTO

From Alert to Remediation in Minutes at Scale.

Today’s IR Challenge

Top IR Challenges

People: Worldwide cyber skills gap and huge variance in skills

Process: Time to investigate an alert then remediate it is slow

Technology: Complex environments and too many alerts to handle

Too Many Alerts, Too Few Resources

*Source: Security Orchestration and Automation: Closing the Gap in Incident Response – ESG Research

Alerts per month (share of companies):

< 500: 5%

500 – 1,000: 10%

1,001 – 5,000: 27%

5,001 – 10,000: 28%

10,001 – 15,000: 21%

15,000+: 9%

• 58% of companies get more than 5,000 alerts per month

• Where do you fit?

• What is being missed?

• One cyber analyst can handle roughly 10 alerts per day

• An analyst can only focus on one alert at a time

• That’s 300 per month (but they generally take weekends off)

• Mean time to alert

• Mean time to investigation

• Mean time to remediation

Intelligent Security Orchestration and Automation

Intelligent Security Automation and Orchestration

Customer Success: Nuance

“When we first saw the technology from Hexadite, it seemed too good to be true. We tried the product, and it all came true—it solved our problems and greatly reduced costs.”

Doug Graham, CISO

Endless loop of tuning, correlating, and tuning again

IT and security wasted time diagnosing issues

With lean staff they resorted to re-imaging machines

Stopped spending time re-imaging

Saw a 95% automation rate

Continue automating new use cases

ABOUT

• Technology Industry

• 10,000 Endpoints

REQUIREMENTS

• Force multiplier for investigation and remediation

• Automate what is currently being done by people

Customer Success: IDT

“Hexadite was able to go in right away, give us results and help me solve my security challenges.”

Took up to 15 minutes for alert correlation

Team bogged down investigating alerts with high false positives

Tried writing scripts to automate, but wasn’t maintainable / integrated

Replaced scripts with full automation

Able to focus people on strategic items

Investigate in less than half the time

ABOUT

• Telecommunications

• 16,000 Endpoints

REQUIREMENTS

• Force multiplier for investigation and remediation

• Automate what is currently being done by people

Golan Ben-Oni, Global CIO

890

6

$170,000

15

Based on your inputs, you spend $1,020,000 annually to investigate 10% of your alerts. You are paying $44.97 for every investigated alert. 10%

With More Analysts

If you were to investigate 100% of your alerts without automation, you would need 59 cyber analysts to manually investigate your alerts.

COST ANNUALLY FOR 59 ANALYSTS

$10,086,666.67

COST PER INVESTIGATED ALERT

$31.05

With Automation

Using automation, you'll be able to investigate 100% of the alerts you receive from detection systems, using 5% of the cost of hiring 59 analysts.

ANNUAL AUTOMATION COST

$504,333.00

ANNUAL STAFF COST

$1,020,000.00

COST PER INVESTIGATED ALERT

$4.69

Why Hexadite AIRS

Threat Intelligence Cloud

Cross Platform collection and remediation

Visualization framework

Utilizing your ecosystem

Time to value (Days)

What Customers Get

Increased Capacity

• Respond at the speed of automation

• Investigate and remediate all alerts automatically

• Free up critical resources to work on strategic initiatives

Lower Costs

• Takes away manual, repetitive tasks

• Automated remediation eliminates downtime

• Retain tier 1 and 2 analysts

Immediate ROI

• Get the full value of detection systems and people

• Up and running in hours, results are instant

• Stronger overall security

Thank You!