Case Study: Educational Service Company slashes mean time to resolution with ExtraHop Reveal(x)

Improving Mean Time to Resolution

An educational services provider in the post‑secondary sector reassessed its security posture and found network visibility gaps just as executives mandated a rapid increase in security. Frequent cross‑team "war room" investigations, a custom‑coded Splunk parsing workflow, and pandemic‑era VPN dynamic IPs were driving long mean time to respond (MTTR) and making it hard to route incidents to the right IT or security queues.

They implemented ExtraHop Reveal(x) and engaged ExtraHop Professional Services to convert Reveal(x) logs to JSON, add custom risk scoring and detection filters, correlate detections with Active Directory and user‑impact metrics, and automate Splunk workflows that tag incidents for IT or security. The result was richer, correlated data, automated prioritization and fewer war rooms—leading to faster incident validation, shorter time to resolution, improved VoIP remediation, and a measurable reduction in MTTR.