“With the removal of human L1 as a result of automation the business has made a significant saving on the renewed MSSP contract. We have saved £1.3M over 3 years.”
RiverSafe SoC platforms
When RiverSafe initially built a SoC platform for Customer X, the L1 & L2 was outsourced. The contract value agreed was £5m for 3 years.
Automation of Level 1 activities & Level 2 tasks
Since then, RiverSafe have undertaken extensive automation of Level 1 activities and Level 2 tasks. As a result, MTTR was reduced by 40%.
Furthermore, we have enriched the data for events going to L2 to further improve the quality & validity of the alerts.
The contract renewal was negotiated last year. The new contact value is now £3.7m for 3 years. Savings of £1.3m.
Dedicated Security Automation Engineers
In order to achieve the cost savings, Customer X incurred cost associated with having 2 dedicated Security Automation Engineers to help with developing and maintaining the playbooks.
Reduced Alert Fatigue
Customer X is now able to de-duplicate via SOAR and remove false positives. Their alert fatigue has significantly reduced by about 60-70%.
“RiverSafe’s implementation of Cribl at Customer X is helping produce hi-fidelity data.”
Intelligent Data Routing & Data Hygiene
- Smart routing of data from a single position for fast growing number of different source types (11 currently).
- Data lake storage requirements reduction by as much as 30% on average**.
- Cribl is now feeding the Customer X SOC SIEM and UEBA platforms as well as the data lake (for beyond security specific analytics), eliminating the need for multiple configurations on data sources to these destinations.
- Total Current Cost= $1,202,500 per year (Splunk License+Compute+Storage)
- We anticipate approximately 30% reduction on this cost**
Key Data Sources Typical Reduction Darktrace 30% Crowdstrike 80% Microsoft Active Directory 70% Paloalto 30% This is a breakdown of the top 4 sources that are now routed via Cribl