ANSEL Then
In the early days, our automation, ANSEL, while not necessarily immature, was certainly less advanced than it is today.
Our initial focus was on developing automation to remove certain repetitive tasks from analysts, allowing them to focus on more strategic decision-making.
The first step in this journey was enabling automation to handle triage, the initial phase of incident analysis. We did this by enriching the data analysts would typically gather to understand a security event.
Once we had automation effectively managing triage, the next logical progression was enabling it to recommend outcomes based on the triage steps and the decision-making framework analysts used. As our capabilities matured, automation moved from simply providing recommendations to delivering actionable outcomes.
This meant that incidents could either be closed automatically, if deemed non-threatening or benign, or escalated to the customer when a genuine risk was identified.
In these cases, our automation not only escalated incidents but also provided clear recommendations on the next steps customers should take.
This led us to the final and most impactful stage: remediation.
ANSEL Now
Today, ANSEL is no longer the alerting tool it once was. It’s an active participant in cybersecurity operations, working alongside the SOC team. It can not only notify customers of threats but also take immediate action within their environments to mitigate and contain potential risks.
To put this into perspective, here’s the real-world impact of ANSEL:
- 67.3% of all security tickets fully automated by ANSEL
- ANSEL notified customers of threats in just 1.35 minutes on average
- Saved an average of 18 days per quarter on ticket resolution
- Reduced resolution time by up to 90% through automation
The transformation of ANSEL over the years shows a fundamental shift in how organisations can use automation to strengthen their security resilience.
The Role of Threat Intelligence in Automation
Another critical aspect of our approach has been the integration of enterprise-grade threat intelligence throughout the incident triage process.
This capability isn’t limited to automated incidents; it applies to all incidents, ensuring that every security event in our environment is enriched with high-quality intelligence. By doing so, we empower analysts with deeper insights and more context, leading to faster and more accurate decision-making.
Unlike many traditional models where enterprise-grade threat intelligence is provided on a per-customer basis, we’ve adopted a different approach.
Through our licensing model, we apply this intelligence across our entire customer base. This approach not only improves security effectiveness but also reduces costs: it eliminates the need for you to make significant investments in standalone threat intelligence solutions and makes advanced cybersecurity more accessible to organisations of all sizes.
What’s next for ANSEL and the future of automation in your security operations? Watch this space.