What is our primary use case?
Awake Security was brought onboard to provide governance over the incident response process, which is a managed service. Challenges were identified, such as no visibility and no network awareness of what's going on in the environment. Once the network visibility was solved, the decision to look at AI-related tools was initiated.
We will be using its features for compliance as well as threat detection, looking to partner with Awake Security to achieve these goals. Placing their solution in an enterprise financial vertical may allow thinking outside the box, providing additional value in the compliance space.
Right now, they are an on-prem visibility solution. However, we are a cloud-first company. Awake Security provides the ability to pivot to the cloud and look at what's going on there.
Two compliance use cases: First, when we have a new subnet within one of our CSPs, Awake Security will alert when activity is observed. Second, a new virtual machine has been provisioned and the local endpoint protection is not phoning home. With the correct structured language in place, we will know if the new device has not been seen on the network for longer than five minutes and has not communicated with the update server.
How has it helped my organization?
Open communication with the MNDR service has driven down the number of false positives. The current average is five events a week, where four are actionable.
The direction we are heading is moving away from traditional alerts and focusing on entities that pose the highest risk to our environment. With the behind-the-scenes tuning, this lends to a clearer understanding of what this device does. Awake Security is constantly asking, "What is the purpose of a device in the environment?" and, "I'll update the LSOP, and we'll get this tuned."
We appreciate the value of the AML (structured query language). We receive security intel feeds for a specific type of malware or ransomware. AML queries looking for the activity are applied in almost real time. Ultimately, this determines whether or not the activity was observed on the network.
What is most valuable?
Awake Labs managed network detection and response (MNDR) service is its most valuable feature. The Awake Security team finds incidents that we didn't realize were happening in the environment. Due to our cloud-first approach and outsourcing to managed services, a Tor beacon was observed by the Awake Security team. Files were being uploaded from one of our MSPs.
I am impressed with the solution’s EntityIQ, which is its AI-based security knowledge graph, in terms of its ability to identify and profile. We evaluated other vendors and were really poking at the AI. Not everyone does AI or machine learning the same way. Awake Security's model is unique in the way that they do their AI with their entities.
What needs improvement?
Awake Security markets themselves as a security shop, and that's what they are. However, compliance with our partnership can enhance its capabilities.
Awake Security needs to move to a 24/7 support model in the MNDR space. Once they do that, it will make them even better. For anyone searching to outsource a Level 1 or 2 incident response team, it would be prudent to look at Awake Labs.
For how long have I used the solution?
We purchased Awake Security a few months back. We made a good choice.
What do I think about the stability of the solution?
The stability has been rock-solid with no issues. It was sized properly.
The platform was recently upgraded. The upgrade went seamlessly. I have been working with the new interface and like it.
What do I think about the scalability of the solution?
There is enough overhead. When we start adding additional traffic, like our cloud landing zones, it will not be a problem.
We will be increasing usage, and it will be geared more towards the compliance around our financial vertical.
How are customer service and technical support?
Awake Security gets high marks for their communications. We speak at least a few times weekly to ensure the system is tuned correctly. High-severity incident tickets are usually accompanied by a phone call. A review of tickets is scheduled on a monthly basis.
Our experience with the technical support has been great. The department manager receives an intelligence feed about new ransomware observed in the wild. We engage the Awake Security team and request a custom AML signature be written for detection. In one specific example, a request email was sent to Awake Security at 8:30 AM. By 10 AM, Awake Security's signature was in place.
Which solution did I use previously and why did I switch?
We are a start-up company, established within the last two years. We had a bake-off of three AI-based network visibility tools, and Awake Security was our selection.
How was the initial setup?
The initial setup was straightforward, not complex, from when the box arrived to when it was installed.
We are planning to pivot to visibility in our cloud landing zones. That's where we will brainstorm or whiteboard stuff that says, "Here's what we can see," and then what we do is say, "Okay, if this happens, I want to know about it." Afterwards, we'll come back to the Awake Security guys, and say, "Here's the stuff that we want you to alert us on," which is really around the compliance stuff. For example, you're not supposed to egress out Azure's Internet. Everything has to come back to us. But we find people have configured it incorrectly and are sending traffic out to the public Internet through Azure's egress. Once we have network visibility up there, we will get alerted when that stuff happens, stating, "Outbound egress traffic has been seen. Here is the host and where it was going." We can then go back and either stop it or talk to the person who set it up.
What about the implementation team?
I have worked with support from Awake Security, and it was straightforward. We already had architecture network visibility, IP addressing, and interface feeds that were provided beforehand by the Awake Security team. Awake Security shipped the devices with the configurations. We plugged them in, and they worked.
What was our ROI?
The current legacy service is strictly based on logs. Incidents are being generated by the rule algorithms. With Awake Security, their approach is different due to the network context. Awake Security has allowed us to focus on other items, not just on incident response.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing are competitive.
Awake Security was the least expensive among their competitors. Everyone was within $15,000 of each other. The other solutions were not providing the MNDR service, which is standard with Awake Security's pricing/licensing model.
When we pivot to the cloud, in order to capture that data, the additional cost is minimal or non-existent.
Which other solutions did I evaluate?
The original project driver was network visibility, as we didn't have any. We brought in Darktrace, Stealthwatch, and Awake Security for a bake-off. Awake Security filled the need for visibility by being augmented with the MNDR service.
We found other tool interfaces more polished and more cosmetic in nature. Some folks like to look at that stuff, but you're missing the whole point of Awake Security if you look at it from that perspective.
Awake Security sold the MNDR service as part of their solution. So, the direction was: "Come back and tell me what your MNDR guys have found." They did find incidents our managed virtual SOC had not. There was overlap where the Awake Security team found events our current SOC did not.
We also looked at Arctic Wolf. They're a managed service around incident response. We did an hour demo. It is a good product, but we are happy that we selected Awake Labs.
What other advice do I have?
The Awake Security team does a good job with communication. With the encrypted traffic, you can't see inside the packet. Encrypted traffic was not a hindrance, since most traffic nowadays is encrypted. The Awake Security team does a good job of determining what's wrong, even though they don't have the full view of the content inside the packet.
Awake Security gets a solid nine (out of 10) based on our experience. That's based on their technology, professionalism, and communication. It was their MNDR service that set them apart when we were looking at other technologies.