Security Operations Insights

Leverage Insights to unlock actionable data points within your SOC operations.

In this guide, you will use Radiant Security’s Security Operations Insights to track key performance indicators that reflect security posture, attack surface, and operational efficiency. You will learn how to view and interpret:

  • Incident Overview

  • Response Time

  • Resource Utilization

Access Insights

To access Insights:

  1. In the navigation menu, click Insights.

  2. Select the desired time range from the drop-down to filter the dashboard data. You can select a relative time range (Last 7 Days, Last 30 Days, Last 90 Days, or Last Year) or specify your own time range using the date and time picker.

Note: All dates are displayed in UTC time.

Incident Overview

The Incident Overview dashboard provides a high-level summary of all incidents on a given date. It includes key metrics for the overall volume of Alerts and Incidents, and an Alerts reduction percentage.

It features four visualizations: Active incidents, Incident management over time, Vendor false positive rate, and Vendor alert volume.

Active incidents

This visualization provides a breakdown of open incidents according to incident type (BEC, Endpoint, Identity, Network, and Phishing). You can click on any incident type to go to the Incidents page where you’ll find more information about all incidents of that type within the chosen time range.

Incident management over time

This visualization displays a time series chart that shows the volume of incidents that are created and incidents that are closed.

You can view the following metrics in this visualization:

  1. Total incidents created: The total number of incidents created on a given date.

  2. Total incidents closed: The total number of incidents closed on a given date.

  3. Average Closure Rate: The percentage of incidents that were closed versus created over the given time period.

Hover over the chart to open a detailed summary of incidents for a given date.

Vendor false positive rate

This visualization illustrates the number of false positive (benign) versus true threat (malicious) alerts that were generated by each vendor and automatically triaged by Radiant Security.

Hover over each line in the chart to open a quick summary of false positive rates for each vendor.

Vendor alert volume

This visualization compares the total volume of alerts generated by each vendor. Vendors that generate a high number of alerts contribute to an increased workload for your team. Radiant Security reduces this workload through automatic triage, freeing up valuable time for your team.

Merged alerts group alerts related to the same incident, while Unique alerts represent distinct incidents.

Response Time

Response Time provides insight into the average time it takes for your organization to detect and resolve security incidents. There are several visualizations: MTTD, Industry MTTD, and Incident response cycle.

MTTD

Mean Time to Detect (MTTD), also known as dwell time, measures the average time it takes your organization to identify a security incident. The MTTD is calculated by measuring the time it takes to detect a true positive alert, starting from the initial event that triggered the alert and continuing until the end of triage. This metric helps assess the efficiency of incident detection, with a lower MTTD indicating a more efficient incident detection capability.

Note: MTTD shows how long it takes to detect a true positive alert—from the triggering event to the end of triage. It’s measured before the alert reaches Radiant.

Industry MTTD

The Industry MTTD is a fixed value that’s calculated based on industry averages taken from the 2023 SANS Incident Response Survey. You can compare your MTTD to the industry MTTD to identify strengths and weaknesses in threat detection. A low MTTD compared to industry MTTD indicates a strong and effective security posture.

Incident response cycle

This visualization provides a time series chart that compares the MTTR with the industry MTTR. You can use these metrics as benchmarks to assess your team's responsiveness.

You can view the following metrics in this visualization:

  1. MTTR: Mean Time to Respond (MTTR) measures the average time taken to fully remediate an incident once it has been detected for your organization. An incident is considered fully remediated once all remediation tasks have been completed. A lower MTTR value indicates that the incident response process is fast and highly effective.

  2. Radiant MTTR: The average time it takes for all Radiant Security users to fully remediate incidents after detection.

  3. Industry MTTR: The Industry MTTR is a fixed value that’s calculated based on industry averages taken from the 2023 SANS Incident Response Survey.

Hover over the chart to open a detailed comparison of MTTR and industry MTTR for a given date.
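The MTTD and MTTR definitions above can be reproduced over your own exported alert data. The following is an added example, not Radiant Security code: the record layout and field names are hypothetical, the sample alerts are constructed, and it assumes that "detected" means the end of triage.

```python
from datetime import datetime
from statistics import mean

_ts = datetime.fromisoformat

# Constructed sample alerts (UTC). "event" is the initial triggering event,
# "triage_end" the end of triage, "tasks" the completion time of each
# remediation task (None = task still open). Field names are hypothetical.
ALERTS = [
    {"id": "A1", "verdict": "malicious", "event": "2024-05-01T08:00:00+00:00",
     "triage_end": "2024-05-01T10:00:00+00:00",
     "tasks": ["2024-05-01T11:00:00+00:00", "2024-05-01T13:00:00+00:00"]},
    {"id": "A2", "verdict": "malicious", "event": "2024-05-01T09:00:00+00:00",
     "triage_end": "2024-05-01T13:00:00+00:00",
     "tasks": ["2024-05-01T14:00:00+00:00", None]},
    {"id": "A3", "verdict": "benign", "event": "2024-05-01T09:30:00+00:00",
     "triage_end": "2024-05-01T09:45:00+00:00", "tasks": []},
    {"id": "A4", "verdict": "malicious", "event": "2024-05-02T00:00:00+00:00",
     "triage_end": "2024-05-02T06:00:00+00:00",
     "tasks": ["2024-05-02T07:00:00+00:00"]},
]

def _hours(start, end):
    return (end - start).total_seconds() / 3600

def mttd_hours(alerts):
    """Mean time from triggering event to end of triage, true positives only."""
    spans = [_hours(_ts(a["event"]), _ts(a["triage_end"]))
             for a in alerts if a["verdict"] == "malicious"]
    return mean(spans) if spans else None

def mttr_hours(alerts):
    """Mean time from detection to the last completed remediation task."""
    spans = []
    for a in alerts:
        tasks = a["tasks"]
        # Skip benign alerts, incidents with no tasks (assumption), and
        # incidents that still have an open task: not fully remediated yet.
        if a["verdict"] != "malicious" or not tasks or any(t is None for t in tasks):
            continue
        spans.append(_hours(_ts(a["triage_end"]), max(_ts(t) for t in tasks)))
    return mean(spans) if spans else None

if __name__ == "__main__":
    print("MTTD (h):", mttd_hours(ALERTS))
    print("MTTR (h):", mttr_hours(ALERTS))
```

A2 counts toward MTTD but not MTTR because one of its remediation tasks is still open, and the benign A3 is excluded from both.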

Resource utilization

Resource utilization provides insights into the effectiveness of your organization’s resource usage. The following visualizations are available:

  1. Total Hours saved

  2. Cost saved

  3. FTEs headcount saved

  4. Automation by incident type

  5. Tasks automated by a workflow

  6. Tasks completed by a single-click

  7. Tasks done manually

  8. Tasks ignored

Note: Calculations for this visualization are derived from default values based on the industry averages. You can customize the default data values to get a specific overview of your savings by clicking the View default values option next to Total Hours saved or Cost saved.

Total Hours saved

Total Hours Saved = Total Incidents Processed During an [Incident Lifecycle Stage] × Average Time (minutes) Per Incident

This visualization provides a doughnut chart showing the total amount of hours saved by automating the incident lifecycle stages. For example, the total triage hours saved is calculated by multiplying the total number of alerts triaged by the average time it takes to manually triage an alert. Similarly, this chart breaks down the amount of hours saved for other stages of the incident lifecycle: triage, investigation, containment, and remediation.

Hovering over each section of the chart will highlight the stage of the lifecycle.

Cost saved

Cost saved = Total Hours Saved × Analyst’s Hourly Salary

The total dollar amount saved by leveraging Radiant Security’s automation capability compared to manual effort. This number is calculated by multiplying the total hours saved by an analyst’s hourly salary.

FTEs headcount saved

FTE Headcount Saved = Total Hours Saved ÷ 40

This metric converts the amount of saved hours into the equivalent number of full-time employees (FTEs) needed to manually complete the work over a traditional 40-hour work week. This provides you with a tangible measure of workload reduction in the form of FTEs.

Automation by incident type

This visualization compares the type of task that was executed for each incident type. The tasks are automated, single-click, manual, or ignored.

Hover over each line in the chart to open a detailed summary of tasks executed per incident type.

Tasks automated by a workflow

The percentage of tasks that were executed by a workflow.

Tasks completed by single-click

The percentage of remediation and containment tasks that were executed using one-click mitigation.

Tasks done manually

The percentage of tasks that were executed manually.

Tasks ignored

The percentage of tasks that were ignored.

FAQ

How often is the data updated?

Data is updated about every minute.

What time zone is the data calculated in?

All times are calculated in Coordinated Universal Time (UTC).

How is it possible to achieve an average closure rate of over 100%?

The average closure rate is calculated using the total number of incidents created and the total number of incidents closed on a given date. For example, imagine that yesterday 10 incidents were created. Today, an additional 15 incidents were created, bringing the total number of incidents to 25. Then, today all 25 incidents from the past two days were closed. The number of closed incidents exceeds the number of created incidents on that date. This is how the average closure rate can exceed 100%.
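The scenario above, worked through as an added example (not Radiant Security code). The incident records are constructed and the field names are hypothetical. Dates are bucketed in UTC, as the dashboard does, and closures are counted by closing date regardless of when the incident was created.

```python
from datetime import date, datetime, timezone

def utc_day(ts):
    """Parse an ISO 8601 timestamp with an offset and return its UTC calendar date."""
    return datetime.fromisoformat(ts).astimezone(timezone.utc).date()

def closure_rate(incidents, start, end):
    """Closed/created percentage for the UTC dates start..end (inclusive).

    Closures are counted by closing date, whatever the creation date, so a
    window can close more incidents than it created. None if nothing was created.
    """
    created = sum(start <= utc_day(i["created"]) <= end for i in incidents)
    closed = sum(i["closed"] is not None and start <= utc_day(i["closed"]) <= end
                 for i in incidents)
    return round(100 * closed / created, 1) if created else None

def sample_incidents():
    """Constructed data matching the FAQ: 10 created on day 1, 15 on day 2, all closed on day 2."""
    closed = "2024-05-02T18:00:00+00:00"
    day1 = [{"created": f"2024-05-01T{8 + n:02d}:00:00+00:00", "closed": closed}
            for n in range(10)]
    day2 = [{"created": f"2024-05-02T{n:02d}:00:00+00:00", "closed": closed}
            for n in range(14)]
    # 20:30 on 1 May at UTC-5 is 01:30 on 2 May in UTC, so it belongs to day 2.
    day2.append({"created": "2024-05-01T20:30:00-05:00", "closed": closed})
    return day1 + day2

if __name__ == "__main__":
    data = sample_incidents()
    d1, d2 = date(2024, 5, 1), date(2024, 5, 2)
    print("day 1 only:", closure_rate(data, d1, d1))
    print("day 2 only:", closure_rate(data, d2, d2))
    print("both days :", closure_rate(data, d1, d2))
```

Day 2 alone closes 25 incidents against 15 created, which is where the rate above 100% comes from. Over both days together the rate is exactly 100%.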

What else can I leverage if I want to lower my MTTR?

You can set up automations using Workflows to reduce your MTTR. Automation allows incidents to be contained and remediated within minutes, rather than waiting on a manual response.

How are the metrics calculated?

  1. MTTD: Measures the time it takes to detect a true positive alert, starting from the initial event that triggered the alert and continuing until the end of triage. MTTD is calculated before the alert reaches Radiant—it reflects the detection process itself and cannot be changed within Radiant.

  2. Industry MTTD: A fixed value that’s calculated based on industry averages taken from the 2023 SANS Incident Response Survey.

  3. MTTR: The average time taken to fully remediate an incident once it has been detected.

  4. Radiant MTTR: The average time it takes for all Radiant Security users to fully remediate incidents after detection.

  5. Industry MTTR: A fixed value that’s calculated based on industry averages taken from the 2023 SANS Incident Response Survey.

  6. Cost saved: Cost saved = Total Hours Saved × Analyst’s Hourly Salary. This metric is based on industry averages. To get a specific overview of your savings, click the View default values option next to Cost saved and customize the default values.

  7. Total Hours saved: Total Hours Saved = Total Incidents Processed During an [Incident Lifecycle Stage] × Average Time (minutes) Per Incident. This metric is based on industry averages. For example, the total Triage hours saved is calculated by multiplying the total number of alerts triaged by the average time it takes to manually triage an alert. To get a specific overview of your savings, click the View default values option and customize the default values per incident lifecycle stage.

  8. FTEs headcount saved: FTE Headcount Saved = Total Hours Saved ÷ 40
