Secureworks Threat Score reduces alert noise and time to respond

Secureworks launched AI-powered Threat Score to silence alert noise and reduce security analyst workload by over 50%.

With ransomware dwell times falling, security analysts are under more pressure than ever to make the right decisions about which alerts they investigate. Threat Score equips them by anticipating the likelihood of a negative impact within the context of their operations, giving them – and the business – the confidence that their teams are reducing organizational risk.

Reducing alert noise and time to respond is the biggest area where AI can have an impact on security outcomes. The workload savings achieved through Threat Score ensures that analysts are actioning and remediating the threats that pose the biggest risk, faster. At a time when organizations are dealing with the largest and most pervasive cyber talent crunch in history, workload reduction enables internal teams to scale in a way not previously possible.

Threat Score, available in Secureworks Taegis XDR, integrates AI into security analyst workflows to enhance accuracy and improve response times across the business. Analysts working in the Secureworks Security Operations Center (SOC) have realized time savings of over 50% using Threat Score during the last 12 months. Through a continuous feedback loop with the Secureworks SOC, which involves labelling and data tracking, Threat Score continues to learn and become ever more accurate.

“For AI to have meaningful value within cybersecurity it must positively impact workload, productivity and the outcomes security teams are delivering. Where AI adds true value is in leveraging large volumes of data and threat intelligence to dial down the noise, within the context of an organization’s operations, to provide accurate information about threat severity and likelihood. With dwell times falling, the response window is getting ever smaller. Threat Score gives confidence that analysts are applying resources where it is needed most to manage cyber risk for the business and its stakeholders. The art of the possible when your analysts’ workload is cut in half is truly significant,” said Kyle Falkenhagen, CPO, Secureworks.

“You can only deliver these transformative innovations to customers if you have the variety, volume and timeliness of new security event data that Secureworks does. AI has so much potential to change the dynamics of cybercrime, and we’re working with customers and partners to responsibly shape a better future,” Falkenhagen continued.

Constantly trained using millions of security alerts across cloud, endpoint, network, email, identity, and business applications, Threat Score can better prioritize and understand the threat than SIEM and EDR because of the volume and variety of data. Threat Score assesses each alert and assigns a value that ranges from 0 to 10, with 10 indicating a greater likelihood that the activity poses a real threat to the organization.

The score, visible across the organization to SecOps analysts and the business, incorporates context about the organization’s security posture and environment. Uniquely, likelihood is based on several factors, including macroeconomic events, but assessed within the context of the organization’s environment. This means that a similar cyberattack might score higher for one organization than for another. Importantly, Threat Score, also provides visibility into how often the alert has been seen by Secureworks global customer base.

Factors that contribute to the Threat Score include: global insights, organization insights, number of alerts observed, percentage resolved, percentage escalated, percentage deemed malicious, and entity relationships with other alerts. This information previously required manual collation, which significantly impacts time to respond given Secureworks data found that 95% of alerts produced from third party solutions are false positives. Threat Score not only silences the noise, but it also provides analysts the information they need to speed up their decision-making process when a high-risk threat is identified.

“Secureworks has been an innovation powerhouse in the XDR and MDR spaces for a number of years, and features such as Threat Score underpin the company’s focus on leveraging AI to enhance detection and response, and support security analysts at a time when it has never been more needed,” said Lucas Ferreyra, Industry Analyst Cybersecurity Practice at Frost and Sullivan. “By reducing false positives and creating transparency into the threats an organization faces, Secureworks is empowering better risk management and delivering an enhanced understanding of cybersecurity at all levels of the business.”