Canada-Based Organization Health Shared Services Accelerates SOC Investigations with ANY.RUN

ANY.RUN spoke with the Interim CISO and Director of Cyber Operations at Health Shared Services, who provided insights into how their team addressed alert fatigue, improved MTTD and MTTR, and strengthened their investigation workflow with ANY.RUN. 


In this new addition to our success story series, we explore how the healthcare organization’s SOC team improved detection, triage, and response efficiency while maintaining the existing operational processes. 

Organization Overview 

Health Shared Services is a healthcare support organization based in Alberta, Canada. Its SOC team consists of 16 analysts with approximately 130,000 endpoints and 160,000 employees to secure. 

Key Challenge: Limited Threat Visibility During Investigations 

For SOCs supporting large organizations, it is critical to recognize when it is time to scale in order to keep pace with growing infrastructure and the current threat landscape. 

At Health Shared Services, the security team eventually traced several operational issues back to a single underlying limitation: their previous solution did not provide enough visibility into what suspicious files and URLs actually did after execution. 

Analysts often lacked the behavioral context needed to quickly understand whether a threat was real and how it could impact their environment. 

“Missing critical pieces of information for executed samples reduced our time to investigate, which was frustrating and preventable.” 

Without detailed behavioral insights, the team faced several consequences: 

  • Extended incident resolution time: Limited threat context, e.g., lack of logs and information on executed payloads in their previous solutions, increased MTTR, leaving the infrastructure more exposed to potential threats. 
  • Limited time for proper investigation: Missing critical pieces of information on analyzed samples also led to rushed decisions, leaving little room for deeper insights. 
  • Team morale challenges: Visibility gaps that could have been addressed with a more context-rich solution led to frustration and fatigue among SOC team members. 

That’s why when Health Shared Services’ previous security solution expired, the team’s leader took the opportunity to reassess their approach and look for a solution that could support their work better. 

Why Health Shared Services Chose ANY.RUN 

When searching for a new security solution, the organization’s Interim CISO considered several key factors: 

  • Community reputation 
  • Cost efficiency 
  • Investigative capabilities 

According to the security leader, ANY.RUN’s Interactive Sandbox stood out in each of these areas. 

The solution is acknowledged and frequently recommended among cybersecurity experts, remains a reasonably priced option for enterprise teams, and provides unique capabilities not commonly offered by other solutions. 


Decision-makers at the healthcare organization also viewed ANY.RUN’s sandbox as more than a tool that simply facilitates malware analysis: they saw it as a driver for better metrics across SOC processes: 

“ANY.RUN provided not only the fundamentals needed to complete our investigations but also improved our mean time to resolve incidents.” 

How Health Shared Services Implemented ANY.RUN’s Sandbox 

The organization’s Interim CISO shared that when implementing ANY.RUN’s solution, the team didn’t need to redesign their core processes. Instead, the SOC refined their investigation cycle and reached better results without significant workflow changes. 

They saw improvements across several operational areas since adopting ANY.RUN: 

  • Better detection: detailed threat data empowers analysts to process incidents with higher accuracy. 
  • Stronger triage: low false-positive rate (FPR) makes it easier and faster to process alerts. 
  • Faster response: efficient reporting and behavioral artifacts support more confident decisions. 

The Interim CISO noted that the solution also improved the team’s ability to communicate investigation findings to leadership: 

“It enhanced our team’s time to complete investigations and aided us in providing specific details for executive questions.” 

Performance Impact  

By executing suspicious files in ANY.RUN and reviewing behavioral artifacts, analysts were able to gather the context that had previously been missing during investigations. 

From a leadership standpoint, the most important improvement has been the impact on SOC performance metrics and investigation confidence. For analysts, this looks like the ability to understand threats faster and deeper.  

Key benefits observed by the SOC team 

  Metric-based impact        | Operational benefits                 | Human-centric values 
  ---------------------------|--------------------------------------|-------------------------------------------- 
  Lower MTTD and MTTR        | High-confidence decision-making      | Reduced alert fatigue 
  Higher alert closure rate  | Faster investigations                | Intuitive and user-friendly interface 
  Maintained SLA compliance  | Transparent and structured reporting | Clear insights for analysts and leadership 

Through these outcomes, the team was able to strengthen their ability to respond to security incidents effectively, covering all key challenges they had to face, from alert fatigue to high MTTR.  

“ANY.RUN has bettered our SOC’s key metrics like MTTD and MTTR by providing a mature solution to sandboxing that is both well received by executives and the analysts.” 

The organization continues to use ANY.RUN and plans to integrate our solutions with their SOAR platform in the future. 


Conclusion 

For Health Shared Services, adopting ANY.RUN strengthened their existing SOC operations without requiring major workflow changes. 

This case highlights how large enterprises across industries benefit from the deep threat context, real-time behavioral insights, and efficient reporting that ANY.RUN offers. 

About ANY.RUN 

ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, integrates seamlessly into modern SOC operations. It supports investigations from triage to incident response, improving metrics like DR and MTTR. 

ANY.RUN’s Interactive Sandbox aids in deep threat behavior observation, while the threat intelligence solutions Threat Intelligence Lookup and Threat Intelligence Feeds empower analysts with rich community-sourced context. 

Over 600,000 SOC analysts across 15,000+ teams rely on ANY.RUN’s solutions. SOC 2 Type II certification allows us to protect customer data and maintain strong security controls.  

The post Canada-Based Organization Health Shared Services Accelerates SOC Investigations with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

Article Link: Health Shared Services Case: Stronger SOC with ANY.RUN
