PART TWO: Threat Stack Releases New Alert Context for Reduced MTTK

As discussed in part one of this series, Threat Stack is committed to making meaningful changes to its user interface (UI)–including alert context–to further reduce key security metrics like mean-time-to-know (MTTK). This is important because every minute, if not every second, counts when it comes to identifying potential security risks. Yet, according to IBM, the average time to identify a breach in 2020 was 207 days. To avoid our customers falling into this startling statistic, we’ve released fundamental new changes to our UI for an enhanced experience to provide sharper security — in turn, reducing MTTK. Let’s explore. 

Introducing Alert Context 

When a customer is notified of a new alert and begins the triage and response workflow, the Threat Stack Cloud Security Platform® can group alerts by common indicators such as compliance and process and then creates visualizations such as heat maps and trend graphs to provide alert trend insight on frequency and volume. In addition, contributing events are correlated to alerts to provide an activity trail to guide investigations.

With feedback from Threat Stack users, we recognized that common questions are often derived from navigating alert triage and investigations. Therefore, we added new alert context functionality that standardizes these commonly asked questions and provides proactive answers by default to our users. Alert context helps to quickly and accurately guide our users’ investigations into high severity alerts.

New Alert Context Functions: Highlights, Visualizations, and Tables

To accommodate our new alert context, we had to redesign how to display our rich alert data. We recognized that the current view had to be expanded to make space for our new functionality that showcased event occurrences for various types of activities, like alert highlights, new visualizations, and tables. As a result, we shifted from showing alerts in a horizontal drawer view to a more spacious and modern vertical drawer view, allowing users to view the pertinent alert details while also viewing the high-level alert table.

One of the new functions we are able to add in with the extra space is alert highlights. This new capability can supplement point-in-time context with a summary of historical activity related to the alert. This will provide our users with context about infrastructure, user, and process activity, offering crucial guidance during security investigations over the past month.

For example, instead of navigating through a multitude of events related to a specific user’s activity, Threat Stack provides a summary of the alert itself, such as the following: