Gain a towering advantage over attackers with Outpost Security Zero to One

Level One RBA Functionality

Fully Configured ES

Decrease in alert noise

Increase in true positives

Broaden detections, not noise

“Every other solution we looked at was an incremental change. I knew we needed to change the game.”

— Global IT Security Director

Zero

  • Unsure of where to start

  • Underutilized data

  • Unconfigured Data Models

  • Partially configured Assets + Identities

  • Underutilized Threat Intelligence

  • Single Event Detections

  • No RBA Notables

  • SOC does not know how to review RBA alerts

One

  • Full value of ES unlocked

  • Consistency of data

  • Configured data models

  • Assets + Identities dynamically populated w/ criticality

  • Threat intelligence enrichment of RBA Notables

  • 10-15 RBA detections running

  • Enriched alert review dashboard for analysts

  • Tuning dashboard to triage alert tuning

  • Analysts reviewing RBA alerts and providing feedback on fidelity

HOW THE RBA PERSPECTIVE BRINGS MORE VISIBILITY TO YOUR SECURITY LANDSCAPE

Outpost Security ZERO TO ONE

Prescriptive configuration of ES and RBA

Advanced Notable Workbench

Minimize analysts' investigation time, eliminate portal fatigue, and present the automatic enrichment provided by RBA

RBA overview dashboard

Give your team instant insight into detection and alert tuning with minimal guesswork

Use cases

Improve Current Alerting

Volume + Accuracy - “Seeing alerts in a new light”

Command + Control

External Scanning + Exploitation

Suspicious Endpoint Activity

Improve VISIBILITY

Enable New Detections - “Seeing threats we haven’t been able to see before”

Lateral Movement + Credential Access

Suspicious Cloud Activity

Phishing Detection

“Once I understood what RBA actually was, I knew we had to make time to get this implemented.”

— Director Security Automation

How we implement

Outpost Security Zero to One

1. Use Case Selection

Use cases selected

To scope the RBA deployment to outcomes

Data sources selected

Focus on the data sources needed to deliver outcomes

2. Data + Data Models

Data source ingest

Ensure data is ready for RBA detections

Data models scoped

Configure the data models that RBA best practices require

3. ES Configuration

Identities

Dynamically populated & accurate

Assets

Dynamically populated & accurate

Threat intelligence

Enabled and enriching RBA alerts

4. Detection

Detections enabled

Prescriptive set of RBA detections engineered for desired outcomes

Detection events

Populating the risk index with vetted risk scores

5. Alerts

Notables enabled

RBA Notables displaying in Incident Response

Analysts reviewing

New analyst review dashboard designed specifically for RBA

We use the ES Assessment to determine how far you are in the RBA journey and show you what’s possible with Risk Based Alerting (RBA).

Beyond One

Visibility + capability

Keeps pace with ever-changing infrastructure, attackers, and requirements

Stop threats before

Identification and remediation of threats before an attack is completed

Security teams

Effective security teams that work seamlessly together, are not overwhelmed, and are not falling behind

10x metrics

  • 50% reduction of alert volume

  • 60% Alert fidelity

  • MTTR measured in minutes, not hours

  • Board Metrics to be proud of