In 2016, Optimum realized the need to evolve their cybersecurity processes. With an older intrusion detection system, they were relying on their IT team to review security alerts manually. The team was spending too much time chasing false-positive alerts which distracted from other tasks. Optimum Energy also needed to become SSAE 16 compliant.
“Gradually over time, we paid attention less to the alerts because there were so many false positives,” says Daniel Kratz, Optimum’s Information Systems Manager. “You just lost confidence, when you're chasing a rabbit down a hole, and there wasn’t anything there. We wanted to get ahead of the problem and find a solution.”
We realized the high value of having an IDS and a team monitoring our network, but also the high risk if we didn’t put one in. Daniel Kratz, Information Systems Manager
CI Security solved the problem
After listening to what Optimum Energy was looking for, CI Security built a plan for them to achieve their goals and provide the audit artifacts they needed to support the plan.
SSAE compliance and attestation were crucial, as threat actors will often try to manipulate third-party vendors like Optimum to get access to their ultimate goal.
CI supported the efforts for passing the SSAE 16 SOC 2 Type 1 audit. Optimum continued to lower its risk of a breach by working with CI Security’s penetration testers on a regular basis, but Optimum still needed a reliable intrusion detection system. They chose CI’s Critical Insight™ Managed Detection and Response service to manage threat detection and to partner on incident response.