ziggiz Partners to Integrate its Cyber Lakehouse and Alpha Level’s Alert Refinery to Combat SOC Alert Fatigue
US-based cybersecurity platform ziggiz announces a strategic partnership with Alpha Level to integrate the Alert Refinery in private preview with the ziggiz Cyber Lakehouse platform. The integration addresses the critical challenge of alert overload that plagues Security Operations Centers worldwide.
The partnership tackles a problem most security vendors ignore. SOC teams generate more detections per day than they can triage in a month, forcing analysts to make decisions that are "little better than random chance," according to ziggiz.
"Most vendors apply one size fits all approaches and shift blame when it doesn't work back to poor detection quality," the company stated. "Alpha starts with the acknowledgement existing detection quality is typically poor, identifying the relationship between signals to bring the top next action out."
Rarity Over Severity
Alert Refinery challenges conventional security thinking by prioritizing rare indicators, and multiple rare indicators in close proximity, over traditional severity scores. The approach recognizes that routine detections can indicate risk-taking behavior but probably not the malicious activity that indicates a true insider threat or adversary actor.
"Risks are important but risk and risky behaviors are just noise," ziggiz explains. "The refinery finds the signal."
The system continuously monitors alert feeds to keep the strongest signal at the top of the analyst's queue. The workflow doesn't change for SOC teams. They simply work from a prioritized list that is data-driven rather than relying on gut feeling or emotion-driven choices. Data from the incident process continually provides feedback to tune the process.
Commercial Viability Through Reproducibility
Previous attempts at similar solutions failed as "science projects" that required high-effort, all-hands-on-deck implementations but never reached the market. Alpha Level designed Alert Refinery differently.
The integration leverages ziggiz's security semantic layer to make the solution reproducible. Data engineers manage the semantic mapping friction, allowing Alpha Level to focus on the use case rather than the data engineering required to reinvent the data layer for each customer. This also enables Alpha Level to release other heavily data-reliant use cases such as behavioral threat detection with minimal engineering overhead.
"ziggiz is an open data platform, the first managed Cyber Lakehouse built on Databricks and the first platform commercially viable third parties can build onto without re-inventing the data layer," the company stated.
Private Preview Results
The private preview tests deep integration and new data connectors while validating how fast the partnership can show value. Early results demonstrate a 90% reduction in onboarding time for data and detection.
Alert Refinery uses the same tools and access that an in-house developer would use on the ziggiz platform. The approach demonstrates what a commercial Cyber Lakehouse can be, establishing a model where third parties build commercial-grade products without special platform access, which enables security operations to finally realize the full value of their data.
"We are demonstrating what commercial Cyber Lakehouse can be," ziggiz confirmed.
About ziggiz
ziggiz operates as a managed Cyber Lakehouse platform built on Databricks. The company's mission focuses on commoditizing the Cyber Lakehouse and industry standard semantic layers. Led by CEO Dr. George Webster, the US-based company serves cybersecurity teams, SOC operations, hunt teams, investigation units, and security architecture professionals.
For more information about the Alert Refinery private preview, contact ziggiz directly.

