As security infrastructures continue to proliferate with countless appliances, systems and services (not to mention threats), incident-response teams have become inundated by security alerts, most of which are false-positives.

The industry has attempted to address this problem with security-orchestration technology, which automates many of the tasks and processes required to analyze, triage, and remediate security events. While these technologies succeed at making incident-response personnel more efficient in their existing processes, they do not address the most important source of risk and waste – massive volumes of false-positive alerts. As a result, these tools simply automate a broken process, rather than fixing it.

Fixing A Broken Process


ATA takes a fundamentally different approach to solving alert-overload by attacking the false-positive problem. By reducing overall alert volume to only those that represent actual threats, the ATA Platform frees incident-response teams to slash time-to-remediation, rather than wasting enormous amounts of time on false-positive wild goose chases. This delivers a number of benefits including:

  • Eliminating the “bad and worse” choice between adding staff to manually investigate all alerts, or reducing security effectiveness by ignoring alerts or relaxing alarm thresholds to reduce alert volume.
  • Freeing operations managers to move away from an “Alert Tyranny” operating model and deploying a larger percentage of staff on strategic security issues.
  • Improving the return-on-investment in SIEMs, orchestration systems and other security infrastructure by ending roles as false-positive “noise generators.”

ATA, we think it’s important to address problems head on. It’s time to end alert overload.