Our Goal: Successful Security Operations for Every Customer
Successful security operations require a detailed understanding of the organization
Our first priority: understanding our customers’ business drivers, security mandates, technology infrastructure, and pain points. We focus on this information-gathering long before a customer begins implementing the TopoONE platform. We design an implementation plan based on many factors, such as the size of the security operations team, existing and planned sources of threat intelligence, company security initiatives, and priorities.
Before customers partner with us, they are often flooded by incoming alerts from various systems, each with their own screens and processes. This creates a situation where security analysts receive too much information, including irrelevant alerts. Frequently these analysts must also piece together time-consuming response processes, such as copying and pasting data between systems. We shift this paradigm by consolidating these different data feeds and processes in one platform.
A phased implementation, based on customer programs and priorities
We help each customer tailor their TopoONETM instance to match the priorities of their security operations. We provide different training and customer support options to match customer needs.
We typically recommend a phased implementation approach that helps security teams address key challenges and business objectives. We begin by mapping the customer assets which must be protected. Using custom colors and icons, we make it easy to understand which types of assets are included within the common operating picture.
Next we add different subscription and open-source intelligence feeds. This includes our shared intelligence library, which provides TopoONE customers a growing collection of OSINT feeds as part of their subscription.
We create filters and automations for threat intelligence and other risk data so that only the important, potentially impactful alerts are displayed. This customization drives effortless comprehension and efficient response.
Depending on a customer’s mandate, we help the GSOC team create different situational awareness maps as part of their common operating picture. These maps display intelligence for different use cases, such as critical event management, travel risk, supply chain stability, and more.
We design each customer’s workflow to match existing processes and standard operating procedures. We include automation where helpful – for example, to automatically escalate severe alerts.
One of our most important objectives is empowering our customers to understand their security programs by the numbers. We provide automated team performance metrics such as mean time to respond. We also create more comprehensive reports that help our customers better understand the types of threats they face, and the impacts these threats have upon their assets.
Ongoing support for successful security operations
The business world is dynamic, and security teams must mitigate risks in a business climate that evolves rapidly. Security programs and priorities change over time. We designed the TopoONE platform to accommodate this reality, and we take the same approach with our customer success program.
As customers identify new intelligence sources or priorities, we help them modify their common operating picture, workflows, and reports as needed. We teach our customers to make these changes themselves, in realtime, using features like the TopoONE Workbench.
We are constantly adding capabilities and intelligence feeds to the TopoONE platform. We work closely with our customers to make sure they receive the maximum benefit from each new feature. We identify and share best practices between our customers to foster collaboration and continuous improvement.