Awake has made us more productive. We're spending less time looking at false positives, so we can focus on what's truly important. It hasn't affected the morale of our analysts because we use a third-party SOC.
When I look at the central dashboards, I can see what adversarial models were matched within the day, and when I click on that day, I can see what models and device names got triggered within my homepage. If I want to dive further into that model, I can click on that, and it tells me what the threats were as well as a lot more information on the endpoint or the asset. Then, if I want to see even more information, such as the actual activities, it's three clicks, and I'm on the activities themselves. I can pull a PCAP and investigate it. Regarding responsiveness and how quickly I get the answer, it's much faster than what I used to have.
It's hard to quantify, but it would have taken me 10 minutes to figure it out in my previous solution because I'm on the platform every day. Awake is easier and more intuitive. You see the day, the triggered models, and the asset. Then you click on the asset and activities. They're right there. I get the source, destination, and details, then download my PCAP, and I'm done.
Awake also tracks unmanaged devices. We have a guest WiFi, so if someone logs in to that, it's an unmanaged device. If they log in and try to do something bad, Awake will flag it and tell me. It's important even though we don't have as many people coming in and using the guest WiFi due to COVID, but we need to know if a guest user is doing something malicious.