Accton Technology secures global networking operations with AI-powered threat detection

Leading networking solutions provider deploys Exaforce to protect critical infrastructure at scale, freeing analyst resources to focus on delivering secure, reliable connectivity to enterprise customers worldwide.

Challenges
  • Limited visibility across the full security stack meant detection coverage gaps, with existing tools missing threats across cloud, network, and other infrastructure layers.
  • With a distributed workforce of over 5,000 employees across global manufacturing sites, the centralized C&S team in Accton's main office faced significant coordination overhead in managing security across dispersed locations.
  • Alert noise and false positives overwhelmed analysts, forcing a focus on Critical and High alerts. Medium and lower severity alerts were routinely dismissed, causing foundational issues and early warning signals to be missed.
  • Existing security tools provided incomplete context and remediation visibility: they blocked execution of malicious code, but devices remained compromised, requiring extensive manual verification of remediation success.
  • Effective threat remediation required coordination between multiple teams, including Security, IT, and infrastructure teams, creating communication bottlenecks and delays in incident response.
  • Investigation time averaged 3 hours per alert and resolution, creating significant delays in threat response and analyst bottlenecks across global operations.
  • Scaling SecOps headcount to meet the company's growth trajectory was not sustainable or cost-effective.
Solutions
  • Exaforce provides comprehensive visibility across endpoints, firewalls, cloud services, and CDN, eliminating coverage gaps and delivering unified threat detection.
  • Centralized AI SOC platform unified visibility across all global locations, eliminating coordination overhead and enabling the central security team to manage threats across 5,000+ employees from a single console.
  • Automated triage filtered out false positives at scale while elevating important findings across all severity levels, achieving a 91% reduction in noise and ensuring fundamental security issues hidden in lower-priority alerts were no longer dismissed.
  • Exaforce elevated under-emphasized findings and validated complete remediation, identifying devices that remained compromised despite initial blocking actions.
  • Automated response workflows with human-in-the-loop controls streamlined coordination between Security, IT, and infrastructure teams, accelerating containment and eliminating communication bottlenecks.
  • Exabots reduced mean time to resolution from 3 hours to 10 minutes per alert, with AI-powered analysis providing rapid, conclusive verdicts.
  • AI-driven automation delivered SOC capabilities without proportional staffing increases, resulting in significant cost savings.
Highlights
91% reduction in false positive alerts requiring analyst attention
$300K+ annual cost savings by eliminating the need for additional SOC headcount
Expanded coverage across AWS, Azure, and hybrid infrastructure
94% reduction in MTTI from 3 hours down to 10 minutes
Elevating SOC performance for global networking leader

Accton Technology is a leading provider of networking solutions, delivering high-performance infrastructure to enterprises worldwide. With operations spanning multiple cloud and SaaS platforms and a sophisticated environment, the security team faced mounting pressure from alert volume and the complexity of protecting distributed infrastructure.

Before Exaforce, Accton's SOC analysts spent considerable time investigating alerts that ultimately proved benign, while legitimate threats risked being buried in the noise. The team relied on a third party for managed security, but investigations averaged 3 hours per alert, creating bottlenecks that delayed responses across their global operations. As a frequent phishing target, Accton’s security team also had to sift through constant email and credential-theft noise. Exaforce helps them quickly surface which suspected phishes are real and require action, so true incidents don’t get lost in the background.

The deployment of Exaforce's AI SOC platform marked an immediate operational shift. By integrating with Accton's existing security stack (including PANW NGFWs, Microsoft Defender, AWS, Microsoft Entra ID, and Cloudflare), Exaforce created a unified detection and investigation layer that brought clarity to previously fragmented telemetry. The platform's AI-driven auto-triage capability began filtering alerts from day one, automatically validating and contextualizing findings before they reached analysts.

Within weeks, the security team experienced a dramatic reduction in false positives and investigation times. Alerts that previously consumed hours of manual investigation were now triaged automatically, with Exaforce providing clear verdicts and supporting evidence. The 91% reduction in false positive noise meant analysts could dedicate their expertise to genuine threats rather than chasing phantom incidents. More critically, Exaforce reduced mean time to investigate from 3 hours per alert to just 10 minutes, with AI-powered analysis delivering rapid, conclusive verdicts that accelerated response across the entire SOC.

Exaforce's detection capabilities went beyond traditional tools, elevating findings that other systems missed or misclassified. In cases where Microsoft Defender blocked malicious activity, Exaforce validated that remediation was actually complete. The platform identified devices that remained compromised with active malware even after initial blocking, surfacing these Informational-level findings as persistent threats requiring deeper investigation. This eliminated the risk of incomplete remediation and ensured threats were thoroughly eliminated, not just temporarily contained.

The platform's machine-learning-driven detection approach proved particularly valuable, identifying suspicious activity patterns that would have required extensive custom rule development with traditional tools. Exaforce surfaced threats that had been hiding in blind spots across Accton's cloud and network infrastructure. At the same time, its comprehensive visibility extended far beyond the endpoint-focused coverage provided by their existing provider.

Exaforce's exploration capabilities transformed how Accton's team approached threat hunting and investigations. Automation Agents take on basic tasks and standard threat-hunting workflows, freeing Accton’s analysts to focus on deeper investigations and more advanced threat hunts. With unified visibility across cloud services, analysts could pivot between cloud resources, trace lateral movement, and investigate anomalies with context that previously required accessing multiple disparate consoles. The platform's Automation Agents also improved incident response by implementing human-in-the-loop automated remediation workflows that dramatically accelerated containment.

The operational impact extended beyond alert reduction and faster investigations. By automating the most time-consuming aspects of detection, triage, investigation, and response, Exaforce freed dozens of analyst hours each month. This time could be redirected toward strategic security initiatives and proactive defense. Response times accelerated as analysts received pre-validated, contextually rich alerts rather than raw events requiring extensive research. Importantly, these gains were achieved without adding headcount; traditional approaches would have required incremental analyst hires to provide the same capacity.

"Exaforce has significantly improved our SOC efficacy by augmenting threat detection and response for AWS and Azure with AI," said Paul Kim, CISO & CIO at Accton Technology. "Its auto-triage of third-party alerts and rule-free detection streamlines our response and saves us dozens of hours, letting our team focus on mitigating threats, while their exploration capabilities offer greater visibility into all our Cloud services."

Exaforce's platform elevated the entire security operation. The combination of intelligent detection, automated triage, powerful investigation tools, and automated response workflows gave Accton's team capabilities that would have required significant headcount expansion to achieve manually. The result is a more responsive, more effective SOC that can scale with the company's growing infrastructure without proportional increases in analyst workload.
