Cyber Security for Partners of the Defense Industrial Base (DIB): Increasing Bandwidth and Response

by | May 10, 2023 | Case Studies, Defense

The Client

Large Water Management District in Florida

 

Summary

We are in the midst of a critical workforce shortage in the cyber security industry. According to the (ISC)2 Cybersecurity Workforce Study, the U.S. had a security workforce gap of 436,080 jobs at the end of 2022.

This gap means companies rarely have the bandwidth to address all of the alerts and threats that their environment experiences. Because most threats are rated through a static system that lacks the context needed to determine true risk, this could leave valuable systems unguarded and under attack.

Conquest Cyber is more than a partner – we are a comrade to our customers in the cyber battlefield. Standing shoulder to shoulder, our team limits the noise in their environments, handles low and medium level threats and escalates only the critical alerts, which allows them to focus.

By maintaining constant communication with customers, adding new data sources and implementing new technologies, Conquest continually optimizes the experience and service provided.

For this particular customer, we only escalate an average of 87 cases of the 3259 they receive in a month. This is an escalation rate of just 2.67%. Beyond threat detection, management, response and escalation, we are a sounding board, a resource and partner in a breach – filling the needs that they have when they have them.

 

Problem

LACK OF BANDWIDTH AND VISIBILITY

 

A prominent architecture and engineering firm in the Defense Industrial Base (DIB) required a mature and effective cyber program to be successful. With 50-100 alerts coming in each day, the company found itself struggling to respond to the volume of alerts received.

This is a common problem for low-bandwidth teams, but the issue was compounded by a lack of automated technology and skewed asset prioritization. Prior to Conquest, the firm had only minimally leveraged their E5 and Sentinel capabilities and was in serious need of greater cyber environment visibility. Due to their limited manpower, they began their search for a partner that could provide proactive 24/7/365 SOC services and monitoring in a cost-effective manner.

 

 

Solution

AUTOMATION TO ELIMINATE THE NOISE

 

Conquest and the client fundamentally agreed on their approach to cyber security, leading to what has become a flourishing partnership. Once chosen as their MXDR provider, Conquest enabled their E5 and Sentinel product to better serve their environment and implemented automations that managed a large percentage of their alert cases.

Their internal team now only needs to dedicate manpower to 2-3 of its 100 daily cases. Meanwhile, after just eight months, the mean times to detect, respond, triage, and assign are all down an average of more than 82%.

Our team is an extension of their own. This partnership includes 24/7/365 access to a dedicated team of cyber engineers that is continuously working to optimize the firm’s E5 and Sentinel usage, strategically update their baselines and automate additional responses. 

 

RESPONSE TIMES WITH CONQUEST

Mean Time to Detect (MTTD): 79 minutes
Mean Time to Respond (MTTR): 31 minutes
Mean Time to Triage (MTTT): 26 minutes
Mean Time to Assign (MTTA): 25 minutes

This proactive approach results in an economic and mature cyber program that manages alerts in a timely manner. Rather than adding team members to their internal team, the relationship focuses on added technology and automation when issues arise.

Choosing Conquest has resulted in a partnership that gives the firm the tools they need to flourish within the DIB while being confident in their cyber resiliency each day.

 

 

Distinctives

CONSTANT IMPROVEMENTS LEAD TOWARDS CYBER RESILIENCY

 

Conquest Cyber serves as more than a vendor: it acts as a partner. By understanding each environment’s maturity, Conquest can adapt and adjust its services to meet that environment’s needs. In the case of this customer, this means automating processes whenever possible rather than just adding a position onto their payroll.

It’s a successful approach that increases threat detection, which decreases the threats that require human action.

Like all strong partnerships, it is a mutually beneficial relationship. Conquest has been able to learn from the firm to improve on our AI capabilities, and now all sectors within our critical infrastructure are reaping those benefits.

Conquest is proud to support its customers in the cyber war. Because of our mission-focused strategy, we often go beyond scope and take proactive measures to ensure cyber resiliency for sectors that are critical to our way of life.

Outcomes

REDUCING THREAT ESCALATION AND RESPONSE TIME

 

When overextended SOC teams only have the capacity to respond to HIGH threat incidents and alerts, seemingly small threats can slip under the radar.

Because typical severity ratings are static in nature and do not take business context into account, they are not always accurate. If a threat rated this way turns out to be an attack on your most valuable asset, this can create costly vulnerabilities and large-scale incidents for the business.

By augmenting their team, automating processes and optimizing their tools, our partnership allows the firm to better visualize and manage their overall risk.

 

 
