The ability of organizations to customize and personalize solutions to their unique operational needs is critical. fernao magellan GmbH, a leading Managed Security Service Provider (MSSP) in Germany, has demonstrated how the use of customizable security automation can transform security operations (SecOps). fernao magellan uses Swimlane’s security automation platform to address its challenges such as alert fatigue, siloed tools, and false positives, empower its analysts, and achieve unprecedented efficiency in its security operations.

In a recent interview, Mike Schneider, lead analyst of the Computer Emergency Response Team (CERT) at Fernao Magellan, explained why Swimlane’s security automation platform was the only vendor in the market that could meet their deployment and customization needs.

Read on to learn how Fernao Magellan adapted 140 SOAR use cases in two years, or read the full case study here.

Important considerations when selecting a security automation provider

When Schneider and his team were looking for a security automation solution, Schneider had clear criteria:

• Support for on-premise deployments
• Flexible enough to meet different customer requirements and processes
• Trusted by the cybersecurity community
• Easily customizable for internal SecOps teams

After careful consideration, Swimlane emerged as the preferred security automation provider that meets all of these requirements and more.

“We needed a security system that would take out the trash so we could focus on the really serious alarms,” said Schneider. “This solution had to depend not only on the security automation system itself, but also on the analyst. We needed a solution that could leverage the experience of our analysts, but also automate our processes and give us the most important alerts that were serious and that we needed to focus on.”

Why no-code is not good for Fernao Magellan

Another key requirement for Fernao Magellan was a security automation tool that could be used effectively by analysts with advanced programming skills. Swimlane’s security automation platform supports custom Python coding for developers who want maximum flexibility and high customization. As Schneider pointed out, a no-code solution could never be flexible enough for their needs. The ability to customize Swimlane was critical to maximize analyst contributions and improve overall operational efficiency.

“If a tool is no-code, it will never be flexible enough,” explained Schneider. That’s just not possible. The ability to use Python is essential to the flexibility MSSP requires.”

How security automation increased Fernao Magellan’s operational efficiency

With Swimlane, Fernao Magellan was able to easily customize reports to meet different customer needs, improving customer communication and satisfaction. The platform’s ability to seamlessly automate processes from alert triage to threat reconnaissance streamlined workflows and reduced manual effort, resulting in significant time savings so analysts could focus on proactive threat detection and response strategies. By leveraging Swimlane’s case management, Fernao Magellan was able to integrate all of its tools and processes into a single system of record.

“Constantly switching between different tools and platforms is not efficient,” said Schneider. With Swimlane we integrate all our tools and processes under a single interface.”

140 customized use cases in 2 years

In less than two years, Fernao Magellan implemented 140 customized use cases with Swimlane, improving its operational capabilities and efficiency and making it a standout MSSP in the market. Key results included:

• Reduction of false alarms: Swimlane filtering ensured that only important threats were escalated, allowing the team to focus on critical alerts.
• 30% time savings through central case management: By integrating enrichment, threat intelligence, and case management into one tool, Fernao Magellan was able to significantly reduce context switching and complexity.
• Additional 30-70% time savings per use case: By automating case closure instead of analysts, analysts were able to shift their focus from manual tasks to proactive threat detection and response.

The value of a people-first approach

Swimlane’s reputation among industry peers spoke volumes and made the decision easy for Schneider. However, it’s Swimlane’s exceptional support team that really sets the company apart from other providers. “When we have an issue, it never takes more than 5 minutes to get the help we need,” said Schneider, emphasizing the reliability and effectiveness of Swimlane’s customer support. “I’ve had consistently excellent experiences with Swimlane’s customer support.” Schneider’s recommendation of Swimlane underscores the platform’s excellent support and its transformative impact on their operations.