
From alert fatigue to SOC excellence: goeasy’s journey with AI-powered triage and resolution

Headquarters: Mississauga, Canada

Industry: Finance

Employees: 3,000

Company profile

Founded in 1990, goeasy is a leading FinTech company that provides lending solutions to millions of Canadians looking for an alternative to traditional banking services. Headquartered in Toronto, goeasy operates with over 2,500 employees across 400+ locations. Its well-known brands include easyhome, easyfinancial, and LENDCARE.

The challenge – a traditional SOC overwhelmed by a growing volume of alerts

goeasy’s security operations center (SOC) faced significant challenges as the company rapidly grew. As a small team, they struggled to keep up with the increasing volume of alerts generated by their growing portfolio of threat detection systems. Millions of logs and thousands of alerts were processed daily, creating a massive analyst workload.

Analysts suffered from the “swivel-chair effect,” having to manually review alerts from ten different security tools, including Office 365, Netskope, Okta, SentinelOne, Splunk Enterprise Security, Salt Security, and Taegis VDR. This disjointed workflow slowed down investigations and increased response times. On a typical day, the team faced over 3,000 alerts, each taking 15 to 20 minutes to triage individually.

The sheer volume of alerts and time needed to investigate each one left our SOC overwhelmed and unable to meet our security SLAs. Focusing on proactive security measures was at that point simply impossible.

To automate and standardize incident response, goeasy deployed a well-known SOAR platform. However, the system required extensive playbook engineering and maintenance. This added to the burden on an already overstretched team, leading to a significant slowdown in response times. Prakash Selvarajah, Team Lead – Cyber Defence Cloud Security & Endpoint Security at goeasy, noted: “Our previous response automation tool required lots of playbook engineering for it to be useful at all. With my team already underwater, this resulted in an unacceptable MTTR of 5 days.”

An ongoing general challenge faced by goeasy is the volume pricing for log management, which forces them to cherry-pick the data they can ingest. Additionally, the licensing and administration overhead has become harder to justify over time.

Scaling the SOC headcount and adding more analysts to manage the increasing volume of alerts was an expensive non-option for the company. Working with an MSSP was likewise expensive and provided inconsistent results. Instead, goeasy began exploring AI-driven solutions in 2023, seeking a way to support their human analysts, meet security SLAs, and adopt a proactive security approach.

The solution – AI-driven automation for a faster, smarter SOC 

After evaluating several SOC automation solutions and conducting multiple PoCs, goeasy selected Radiant Security. The decision was based on Radiant’s plug-and-play integrations with all their existing security vendors and data sources, as well as its ease of use and immediate time-to-value.

The onboarding process was seamless, with full support from the Radiant team. Out-of-the-box integrations allowed goeasy to connect its security tools with little effort, delivering quick time-to-value.

What stood out for us was the ability to automatically and accurately triage alerts from all our tools while correlating them across the millions of logs in our tech stack.

Radiant’s AI-powered triage cut down false positives by 99%, reducing the time required to investigate alerts from 15 minutes to just 15 seconds. The SOC team could now review the vast majority of benign alerts in mere seconds, allowing them to focus on real threats. Analysts were no longer required to switch between multiple security tools, as Radiant provided a unified platform for managing all alerts from across their tech stack.

Maintaining complex SOAR workflows was no longer necessary. Radiant automatically and dynamically generated remediation actions that analysts could review, modify, and execute with a single click, eliminating the need for extensive coding and manual intervention. This improvement dropped goeasy’s MTTR from 5 days to just 7 hours, far ahead of the SANS Incident Response benchmark of 5 days.

Not only are we safer with Radiant’s AI automating alert triage and escalating real threats, but our SOC analysts now have more time to focus on advanced threats and proactive security.

With Radiant’s ultra-affordable and built-in log management, goeasy is now able to ingest, store and analyze more data, facilitating highly accurate and comprehensive triage. Additionally, Radiant’s log management comes with unlimited retention and rapid querying directly from customers’ own S3 bucket, translating into a massive cost reduction of approximately 80%, without vendor lock-in.

The results – a fast, modern SOC that raised the bar across all security functions

By implementing Radiant Security, goeasy achieved transformative improvements in its security operations:

  • Reduced alert triage time from 15 minutes to just 15 seconds
  • MTTR dropped from 5 days to just 7 hours – far exceeding industry benchmarks
  • Cut false positives by 99%, allowing analysts to focus on real threats
  • Consolidated security alerts from 10 different tools into a single platform
  • Replaced complex SOAR workflows with AI-driven remediation
  • Enhanced confidence in triage decisions through complete transparency of Radiant’s AI-driven triage logic for every step taken
  • Enabled human-in-the-loop controls, allowing analysts to easily evaluate, customize, and execute remediation actions
  • Future-proofed log storage and analysis strategy, with plans to migrate from a prohibitively expensive SIEM to Radiant’s ultra-affordable log management solution