Security Operations Insights

Leverage Insights to unlock actionable data points within your SOC operations.

Insights can be used to access precise key performance indicators to help you better understand and communicate security posture, attack surface, and operational efficiencies.

This guide provides a detailed description of Radiant Security’s Security Operations Insights and outlines the following insights:

Access Insights

To access Insights:

  1. In the navigation menu, click Insights.
  2. Select the desired time range from the drop-down menu to filter the dashboard data. You can select a relative time range (Last 7 Days, Last 30 Days, Last 90 Days, or Last Year) or specify your own time range using the date and time picker.

Note: All dates are displayed in UTC time.

Incident Overview

The Incident Overview dashboard provides a high-level summary of all incidents on a given date. It includes key metrics for the overall volume of Alerts and Incidents, and an Alerts percentage. It features two visualizations: Active incidents and Incident management over time.

Active incidents

This visualization provides a breakdown of open incidents according to incident type (BEC, Endpoint, Identity, Network, and Phishing). You can click on any incident type to go to the Incidents page where you’ll find more information about all incidents of that type within the chosen time range.

Incident management over time

This visualization displays a time series chart that shows the volume of incidents that are created and incidents that are closed.

You can view the following metrics in this visualization:

  • Total incidents created: The total number of incidents created on a given date.
  • Total incidents closed: The total number of incidents closed on a given date.
  • Average Closure Rate: The percentage of incidents that were closed versus created over the given time period.

Hover over the chart to open a detailed summary of incidents for a given date.

Noise reduction

Noise reduction provides insight into false positive alerts. There are two visualizations: Vendor false positive rate and Vendor alert volume.

Vendor false positive rate

This visualization illustrates the number of false positive (benign) versus true threat (malicious) alerts that were generated by each vendor and automatically triaged by Radiant Security.

Hover over each line in the chart to open a quick summary of false positive rates for each vendor.

Vendor alert volume

This visualization compares the total volume of alerts generated by each vendor. Vendors that generate a high number of alerts contribute to an increased workload for your team. Radiant Security reduces this workload through automatic triage, freeing up valuable time for your team.

Response Time

Response Time provides insight into the average time it takes for your organization to detect and resolve security incidents. There are several visualizations: MTTD, Industry MTTD, and

MTTD

Mean time to detect (MTTD), also known as dwell time, measures the average time it takes your organization to identify a security incident. The MTTD is calculated by measuring the time it takes to detect a true positive alert, starting from the initial event that triggered the alert and continuing until the end of triage. This metric helps assess the efficiency of incident detection, with a lower MTTD indicating a more efficient incident detection capability.

Industry MTTD

The Industry MTTD is a fixed value that’s calculated based on industry averages taken from the 2023 SANS Incident Response Survey. You can compare your MTTD to the industry MTTD to identify strengths and weaknesses in threat detection. A low MTTD compared to industry MTTD indicates a strong and effective security posture.

Incident response cycle

This visualization provides a time series chart that compares the MTTR with the industry MTTR. You can use these metrics as benchmarks to assess your team's responsiveness.

You can view the following metrics in this visualization:

  • MTTR: Mean time to respond (MTTR) measures the average time your organization takes to fully remediate an incident once it has been detected. An incident is considered fully remediated once all remediation tasks have been completed. A lower MTTR value indicates that the incident response process is fast and highly effective.
  • Radiant MTTR: The average time it takes for all Radiant Security users to fully remediate incidents after detection.
  • Industry MTTR: The Industry MTTR is a fixed value that’s calculated based on industry averages taken from the 2023 SANS Incident Response Survey.

Hover over the chart to open a detailed comparison of MTTR and industry MTTR for a given date.
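The MTTD and MTTR definitions above can be reproduced from exported incident records to sanity-check the dashboard. The following is an added example, not Radiant Security code: the field names and sample records are constructed, and it assumes "detected" means the end of triage.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

def ts(day, hour, minute):
    """Build a UTC timestamp in January 2024 for the constructed records."""
    return datetime(2024, 1, day, hour, minute, tzinfo=UTC)

# Constructed sample records. Field names are assumptions for this example.
INCIDENTS = [
    {"id": "INC-1", "verdict": "malicious", "first_event": ts(10, 8, 0),
     "triage_end": ts(10, 8, 6), "tasks_done": [ts(10, 9, 6), ts(10, 10, 6)]},
    {"id": "INC-2", "verdict": "malicious", "first_event": ts(11, 12, 0),
     "triage_end": ts(11, 12, 10), "tasks_done": [ts(11, 13, 10), None]},
    {"id": "INC-3", "verdict": "benign", "first_event": ts(11, 15, 0),
     "triage_end": ts(11, 15, 1), "tasks_done": []},
    {"id": "INC-4", "verdict": "malicious", "first_event": ts(12, 0, 0),
     "triage_end": ts(12, 0, 8), "tasks_done": [ts(12, 4, 8)]},
]

def _average(deltas):
    """Mean of a list of timedeltas, or None when there is nothing to average."""
    return sum(deltas, timedelta()) / len(deltas) if deltas else None

def mttd(incidents):
    """Mean of (end of triage - initial event), true positives only."""
    return _average([i["triage_end"] - i["first_event"]
                     for i in incidents if i["verdict"] == "malicious"])

def mttr(incidents):
    """Mean of (last remediation task completed - detection)."""
    deltas = []
    for i in incidents:
        tasks = i["tasks_done"]
        if not tasks or None in tasks:
            continue  # nothing to remediate, or a task is still open
        # Fully remediated only once the last task has completed.
        deltas.append(max(tasks) - i["triage_end"])
    return _average(deltas)

if __name__ == "__main__":
    print("MTTD:", mttd(INCIDENTS))  # INC-3 is a false positive and is excluded
    print("MTTR:", mttr(INCIDENTS))  # INC-2 has an open task and is excluded
```
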

Resource utilization

Resource utilization provides insights into the effectiveness of your organization’s resource usage. The following visualizations are available:

Note: Calculations for this visualization are derived from default values based on industry averages. You can customize the default data values to get a specific overview of your savings by clicking the View Raw Data option next to Total Hours or Cost saved.

Total Hours saved

This visualization provides a doughnut chart showing the total number of hours saved by automating the incident lifecycle stages. For example, the total triage hours saved is calculated by multiplying the total number of alerts triaged by the average time it takes to manually triage an alert. Similarly, this chart breaks down the number of hours saved for other stages of the incident lifecycle: triage, investigation, containment, and remediation.

Hovering over each section of the chart will highlight the stage of the lifecycle.

Cost saved

The total dollar amount saved by leveraging Radiant Security’s automation capability compared to manual effort. This number is calculated by multiplying the total hours saved by an analyst’s hourly salary.

FTEs headcount saved

This metric converts the number of saved hours into the equivalent number of full-time employees (FTEs) needed to manually complete the work over a traditional 40-hour work week. This provides you with a tangible measure of workload reduction in the form of FTEs.

Automation by incident type 

This visualization compares the type of task that was executed for each incident type. The tasks are automated, single-click, manual, or ignored.

Hover over each line in the chart to open a detailed summary of tasks executed per incident type.

Tasks automated by a workflow

The percentage of tasks that were executed by a workflow.

Tasks completed by single-click

The percentage of remediation and containment tasks that were executed using one-click mitigation.

Tasks done manually

The percentage of tasks that were executed manually.

Tasks ignored

The percentage of tasks that were ignored.

FAQ

  1. How often is the data updated? 
    Answer: Data is updated about every minute.
  2. What time zone is the data calculated in?
    Answer: All time is calculated in Coordinated Universal Time (UTC).
  3. How is it possible to achieve an average closure rate of over 100%?
    Answer: The average closure rate is calculated using the total number of incidents created and the total number of incidents closed on a given date. For example, imagine that yesterday 10 incidents were created. Today, an additional 15 incidents were created, bringing the total number of incidents to 25. Then, today all 25 incidents from the past two days were closed. The number of closed incidents exceeds the number of created incidents on a given date. This is how the average closure rate can exceed 100%.
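The closure-rate scenario from the FAQ, worked through as an added example that is not Radiant Security code. It assumes the per-date rate is incidents closed on a UTC date divided by incidents created on that date; the record fields and timestamps are constructed.

```python
from collections import Counter
from datetime import datetime, timezone

def utc_date(stamp):
    """Bucket an ISO 8601 timestamp by its UTC calendar date."""
    moment = datetime.fromisoformat(stamp).astimezone(timezone.utc)
    return moment.date().isoformat()

def daily_closure_rates(incidents):
    """Percent closed versus created for each UTC date that saw activity."""
    created = Counter(utc_date(i["created"]) for i in incidents)
    closed = Counter(utc_date(i["closed"]) for i in incidents if i["closed"])
    rates = {}
    for day in sorted(set(created) | set(closed)):
        if created[day]:
            rates[day] = round(100 * closed[day] / created[day], 1)
        else:
            rates[day] = None  # nothing created that day: rate is undefined
    return rates

def period_closure_rate(incidents):
    """Percent closed versus created across the whole (pre-filtered) range."""
    closed = sum(1 for i in incidents if i["closed"])
    return round(100 * closed / len(incidents), 1) if incidents else None

# Constructed data matching the FAQ: 10 incidents created on day one,
# 15 on day two, and all 25 closed on day two.
CLOSE = "2024-01-02T18:00:00+00:00"
INCIDENTS = (
    [{"created": "2024-01-01T09:00:00+00:00", "closed": CLOSE}] * 10
    + [{"created": "2024-01-02T09:00:00+00:00", "closed": CLOSE}] * 14
    # 20:30 at UTC-5 on Jan 1 is 01:30 UTC on Jan 2, so it counts as day two.
    + [{"created": "2024-01-01T20:30:00-05:00", "closed": CLOSE}]
)

if __name__ == "__main__":
    for day, rate in daily_closure_rates(INCIDENTS).items():
        print(day, rate)
    print("whole period:", period_closure_rate(INCIDENTS))
```
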

Last updated: 2024-08-23