DPD Automates SOC Tier 1 Tasks with Intezer

With a lean security team, DPD Poland uses Intezer to automate triage, investigation, and remediation of endpoint security alerts, keeping the company more secure while saving them over 2,500 hours.

DPD Poland is the leader of the Polish courier market and part of Geopost, a parcel delivery network operating in nearly 50 countries that delivers 8.4 million parcels worldwide each day.

DPD’s Goals

  • Reduce risk by getting deeper analysis about every incoming alert.
  • Leverage advanced automation to save resources.
  • Speed up incident response to keep the company secure.

The Alert Triage Challenge

Piotr Albrecht’s security team realized they needed deeper analysis about incoming alerts from their endpoint security tool – it wasn’t always clear what was going on with a given alert. But investigating deeper would take advanced skills and too much time.

As the security officer at DPD Poland, Albrecht initially started to search for an external sandbox solution. But using a traditional sandbox solution would still take time and resources they didn’t have to spare.

What his team really needed was clear, immediate answers about endpoint alerts they had to triage and respond to from SentinelOne. With a small number of skilled staff, Albrecht also needed a solution that was easy to implement and use.

The Intezer Alert Triage Solution

  • 40%: percentage of alerts identified and resolved as false positives by Intezer.
  • 2,500+: hours of work per year that Albrecht estimates Intezer saves his team.
  • 100%: alerts triaged by Intezer’s automated evidence collection and investigation of suspicious behavior and files.

Percentages calculated from a sample of alerts analyzed by Intezer over a 90-day period.

While searching for a sandboxing solution, Albrecht discovered that Intezer could address multiple challenges the team was facing.

Intezer integrates with SentinelOne to automatically triage every alert. By analyzing artifacts like files, URLs, and live endpoint scans, Intezer could immediately auto-remediate false positives and provide DPD with actionable analysis for real incidents. And Intezer’s automated alert triage process includes malware analysis, eliminating the need for a separate sandbox just to investigate malicious files.

Albrecht decided to run an extended trial with support from Intezer’s team of experts to test out how the automated triage and analysis of SentinelOne alerts would work. Albrecht’s team connected Intezer with a SentinelOne API key to begin ingesting new alerts. Immediately, they were able to start seeing Intezer’s triage results and analysis of their incoming endpoint alerts.

“In terms of IT security, Intezer definitely increases our efficiency. We are saving time. In terms of risk, we can react faster.”

– Piotr Albrecht, Security Officer at DPD Poland

With Intezer, they could avoid having staff analyzing individual files with a sandbox, as well as the human errors that come from such a manual process. Intezer also doesn’t have the kind of “bad days” that can cause a human analyst’s performance to suffer, Albrecht says, ensuring they get fast, consistent analysis on alerts almost instantly.

With Intezer, they also discovered that they could get fast responses not only from the technology but also from Intezer’s expert team. That gave Albrecht the confidence that Intezer could provide both the technology and the human expertise to extend his team’s capabilities.

Going forward, Albrecht’s team is exploring other ways to use Intezer, such as having it investigate and manage phishing emails.
