This case study reveals how Legato Security improved SOC efficiency and streamlined operations by implementing the Intezer Autonomous SOC Platform, the leading AI SOC agent.
As an MSSP, Legato Security is responsible for safeguarding clients against an ever-evolving array of threats, which demands expertise, efficiency, and accuracy.
Legato Security has built its reputation on providing comprehensive cybersecurity expertise, delivering 24/7 vigilance, and providing rapid incident response to its clients. However, as their client base expanded, so did the volume and complexity of security alerts, pushing their talented team of 20 cybersecurity professionals to their limits.
The AI SOC Impact
The impact of Intezer on Legato Security’s operations has been significant and measurable. Over a 90-day period, Intezer’s AI SOC agent was able to:
- Ingest 624,000 alerts and identify that nearly 30% were false positives that could be closed immediately.
- Escalate or flag for follow-up more than 13,750 alerts that the original security tool had not rated critical, high, or even medium severity.
- Deliver alert verdicts in as little as 16 seconds.
Keep reading the case study to learn more about the benefits the Legato Security team realized by using Intezer’s platform, and how you can experience similar results yourself.
The Growing Pains of Alert Overload
“As an MSSP, our growth directly correlates with an increase in the sheer volume of security alerts we need to investigate,” shares Zach Walker, director of security operations at Legato Security. “Analyzing each suspicious file and URL manually across numerous client environments became more challenging as our customer base rapidly grew.”
Traditional automation and triage tools, such as sandboxing, were valuable but proved too cumbersome and time-consuming to handle the escalating number of incidents.
Furthermore, the sensitivity of client data introduced a critical hurdle. They needed a solution that could provide deep analysis without compromising the privacy and security of clients’ potentially sensitive information during incident response investigations. Several manual analysis tools raised concerns about data privacy, making them unsuitable for Legato Security’s stringent requirements.
Discovering the Power of Intezer’s Autonomous SOC
In their quest for a more efficient and secure solution, Legato Security discovered Intezer. They initially heard about the company due to its reputation for strong malware analysis capabilities. Malware analysis is a key pain point that often makes alert triage and investigations more time-consuming. In Intezer’s AI SOC solution, Legato Security found a powerful platform to address its triage challenges.
“We soon recognized that Intezer offered the capability to automate significant portions of our incident investigation workflows, freeing up our analysts to focus on more strategic tasks and allowing us to scale our services effectively,” Walker said.
As they onboarded Intezer, they also found the implementation process smooth. “The integration was incredibly straightforward. Intezer acted as a ‘plug and play’ solution that connected seamlessly with our existing infrastructure, requiring minimal maintenance and overhead from our team,” he added.
This ensured rapid time-to-value for the MSSP.
Intezer: An AI SOC Ally
The integration of Intezer into Legato Security’s security operations marked a turning point. Intezer’s ability to automatically collect evidence and investigate incidents was transformative for them.
“By seamlessly connecting Intezer with our managed endpoint security platforms, including CrowdStrike, we gained an autonomous layer of investigation,” Walker explained. “Intezer effectively handles Tier 1 SOC tasks, such as alert monitoring, false positive triage, and in-depth analysis of fileless malware, allowing our analysts to concentrate on more complex threats.”
In addition to handling the initial alert triage, Intezer’s AI SOC agents also applied analysis methods that normally require more specialized skills, such as reverse engineering, deep malware analysis, and memory forensics.
“The genetic analysis is a game-changer for us. Our analysts don’t have to manually reverse engineer every suspicious file as Intezer breaks it down instantly, showing known code reuse and malware relations,” Walker said. “It gives us clarity on what we’re dealing with in seconds, even when AV vendors are still showing ‘unknown’ or ‘undetected.’ That level of insight used to require a specialist and now it’s just part of our normal triage.”
For junior analysts, the team found that Intezer helped reduce their learning curve. For their senior analysts, Intezer automated the repetitive grunt work so they could focus on other critical needs.
“The intelligence baked into Intezer’s AI feels like having senior threat hunters guiding the process,” adds Walker. “Because it’s trained on experienced analyst workflows, it can prioritize indicators, correlate behaviors, and even suggest likely malware families.”
Quantifiable Impact and Unprecedented Efficiency
- 624K alerts ingested by the Intezer Autonomous SOC Platform
- 13.8K alerts escalated that weren’t initially deemed critical, high, or even medium-severity
- 16 seconds to reach an alert verdict on average
While many security tools struggle to demonstrate a clear, quantifiable ROI and business impact, Intezer proved to be a notable exception for Legato Security.
Over a three-month period, Intezer ingested over 624,000 alerts, completing the investigation and reaching a triage verdict in an average of 16 seconds per alert. Nearly 30% of these alerts were resolved as false positives.
After analyzing and triaging every alert, 13,758 alerts were escalated or listed as follow-up required. None of the 13,758 escalated alerts were marked as critical, high, or even medium by their original security source.
Because Intezer investigates, triages, and responds to 100% of alerts regardless of severity, these escalations represented a meaningful reduction in risk for Legato Security and its clients.
Soon after implementation, one notable instance highlighted the speed and depth of Intezer’s analysis during a potential ransomware attack.
“Intezer quickly confirmed the likely ransomware activity and, leveraging its endpoint scanning features, provided additional memory forensic evidence,” Walker recounts. “This rapid and comprehensive information enabled our SOC team to respond to the incident with greater speed and precision.”
Intezer: A Key Partner in Legato Security’s Offering
The partnership between Legato Security and Intezer continues to evolve, with the MSSP leveraging new automation features to further enhance its security posture.
“We are continuously benefiting from Intezer’s ongoing improvements and the introduction of new capabilities, allowing us to achieve more with fewer tools,” Walker shared. “The capability to proactively hunt for threats based on threat actor intelligence and emerging malware families identified by Intezer is a significant differentiator for our services.”
Looking ahead, Legato Security sees Intezer as a cornerstone of its security offering.
Walker concluded, “Intezer empowers us to provide our clients a more robust and efficient security service. The AI-driven automation and deep threat intelligence provided by Intezer not only enhance our incident response capabilities but also enable us to proactively hunt for and neutralize threats, setting us apart in a competitive market. Intezer has saved us from adding at least two additional analyst headcount, and as we grow, we anticipate the savings to be double that.”
The collaboration between Legato Security and Intezer exemplifies how Intezer’s AI SOC solution transforms SOC operations, enabling security teams to deliver superior security outcomes with greater efficiency, accuracy, and scale.
Ready to experience similar results? Take a tour of Intezer’s Autonomous SOC Platform today.