Last updated at Fri, 29 Jun 2018 14:41:39 GMT
Many security teams today are using communication tools like Slack as a hub for incident management. DevOps teams call this "ChatOps," and it's a streamlined way of communicating -- teams know the moment an issue arises so that they can respond faster and more collaboratively.
To understand how ChatOps orchestration and automation can be valuable to security teams, let’s first take a look at how ChatOps is handled today.
The ChatOps Challenge for Security Teams
With ChatOps embedded into a team’s security operations, every security tool can join the conversation in harmony, tasks can be automated across tools, and teams can better collaborate in real-time.
For example, let’s say an alert is triggered from your intrusion detection system into Slack about an abnormal 2 a.m. code deployment. Turns out, it was just your VP of Engineering deploying routine code, and the odd timing was due to him traveling in Europe. He sees the alert come in on Slack and pings the team on that channel that it was him and they can disregard the alert and go back to bed.
On the other hand, if activity pops up that no one is familiar with and that smells like a potential threat, your team can verify it right then and there and hop into action immediately.
But, this is easier said than done.
Many security tools today don't integrate directly with Slack. And even if a security tool does integrate with Slack, its functionality is often limited to a one-way street whereby alerts or investigation tasks can be sent into Slack, but data leaving Slack back to your products is still handled manually.
This often requires team members to jump from tool to tool to conduct routine tasks like compromised credential containment and privilege escalation reviews. This is tedious and expensive time that is better spent on more impactful tasks.
This leaves security teams with two options:
- Build the integration yourself (time and resource intensive, plus ongoing maintenance to keep it working)
- Use security orchestration and automation to do the integration seamlessly
Security Orchestration and Automation Tools Bring ChatOps to Life
A security orchestration and automation tool like Rapid7 Komand reduces friction for ChatOps processes by integrating all your security tools and systems directly with Slack.
With your security tools set up to deliver alerts, incident notifications, and other data into your chat app, security operations become more streamlined, collaborative, and efficient. Even better, automation can take the alerts that come in from your security tools and delegate tasks from Slack back to your tools, making ChatOps bi-directional, not simply one-directional.
This means your team no longer has to worry about the extensive, manual effort to perform routine investigatory tasks, alert enrichment, or malware containment. With automated workflows at the helm, you can designate Slack channel(s) to orchestrate all of those tasks for you so your team can focus on more strategic work, like threat hunting and responding.
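The bi-directional flow described above has a security consequence the page does not spell out: once a Slack channel can trigger containment actions in your tools, the endpoint receiving those commands must prove the request really came from Slack and that the person issuing it is allowed to do so. The following is an added example, not Komand's or Rapid7's code, showing a minimal slash-command receiver that verifies Slack's documented request signature (HMAC-SHA256 over "v0:<timestamp>:<body>", compared against the X-Slack-Signature header, with a timestamp window to reject replays) and then gates a hypothetical "contain" action to an allow-list of Slack user IDs. The signing secret, user IDs, command name and action names are all constructed placeholders for illustration; the downstream dispatch is a stand-in for calling your tool's API.

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple
from urllib.parse import parse_qs

# Hypothetical signing secret for illustration; a real one is issued by Slack
# in the app configuration and must be kept out of source control.
SIGNING_SECRET = b"8f742231b10e8888abcd99yyyzzz85a5"

# Actions the receiver understands, and which Slack user IDs (hypothetical)
# are allowed to trigger the destructive one.
ALLOWED_ACTIONS = {"contain", "enrich"}
AUTHORIZED_USERS = {"U01RESPONDER"}

# Slack rejects timestamps older than ~5 minutes; mirroring that limits replay.
MAX_SKEW_SECONDS = 300


def slack_basestring(timestamp: str, body: str) -> str:
    """Slack's v0 signing basestring: version, timestamp and raw body."""
    return f"v0:{timestamp}:{body}"


def compute_signature(secret: bytes, timestamp: str, body: str) -> str:
    """HMAC-SHA256 of the basestring, formatted as Slack sends it (v0=<hex>)."""
    digest = hmac.new(secret, slack_basestring(timestamp, body).encode("utf-8"),
                      hashlib.sha256).hexdigest()
    return f"v0={digest}"


def verify_slack_request(headers: dict, body: str, secret: bytes = SIGNING_SECRET,
                         now: Optional[float] = None) -> bool:
    """Return True only if the signature matches and the timestamp is fresh."""
    ts = headers.get("X-Slack-Request-Timestamp", "")
    sig = headers.get("X-Slack-Signature", "")
    if not ts.isdigit():
        return False
    current = time.time() if now is None else now
    if abs(current - int(ts)) > MAX_SKEW_SECONDS:
        return False  # stale or replayed request
    expected = compute_signature(secret, ts, body)
    # Constant-time comparison so an attacker cannot probe the secret byte by byte.
    return hmac.compare_digest(expected, sig)


def dispatch(action: str, target: str, user: str) -> str:
    """Stand-in for the call into the downstream tool (e.g. disable an account)."""
    return f"{action} queued for {target} by {user}"


def handle_slash_command(headers: dict, body: str,
                         now: Optional[float] = None) -> Tuple[int, str]:
    """Authenticate the request, authorize the user, then dispatch the action.

    Returns an (HTTP status, message) pair so the caller can answer Slack.
    """
    if not verify_slack_request(headers, body, now=now):
        return 401, "invalid signature"
    form = {k: v[0] for k, v in parse_qs(body).items()}
    user = form.get("user_id", "")
    parts = form.get("text", "").split()
    if not parts or parts[0] not in ALLOWED_ACTIONS:
        return 400, "usage: /secops contain <account> | enrich <indicator>"
    action, args = parts[0], parts[1:]
    # Read-only enrichment is open to the channel; containment is restricted.
    if action == "contain" and user not in AUTHORIZED_USERS:
        return 403, f"{user} is not authorized to run contain"
    if not args:
        return 400, f"{action} needs a target"
    return 200, dispatch(action, args[0], user)


if __name__ == "__main__":
    # Constructed request the way Slack would send a slash command.
    ts = str(int(time.time()))
    body = "user_id=U01RESPONDER&command=%2Fsecops&text=contain+alice%40example.com"
    hdrs = {"X-Slack-Request-Timestamp": ts,
            "X-Slack-Signature": compute_signature(SIGNING_SECRET, ts, body)}
    print(handle_slash_command(hdrs, body))
```

The point of the check is that a webhook URL is not a secret: anyone who learns it can POST to it. Signature verification ties the request to the signing secret, the timestamp window bounds replay, and the per-action allow-list keeps a compromised or mistaken analyst account from containing accounts it should not. In a real deployment the same pattern applies to interactive button payloads, which Slack signs identically.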
Specifically, by adding an orchestration and automation layer to Slack, you can:
Accelerate the incident response process
Achieve measurable time savings while also knowing the entire process is taken care of end to end.
Ensure every step in the investigation process is handled and that you have all the information you need to know to respond with the highest degree of accuracy.
Minimize tedious, routine investigations
Let automation and orchestration take the reins so your team can focus on more interesting and strategic work.
Optimize your security tools
Tie your suite of security tools together not only via Slack, but during the investigation and response phases, too. That way, no tool is left behind and each is used to its full potential.
Unify all your ChatOps use cases in one place
With automation and orchestration built into Slack, ChatOps can seamlessly grow and evolve as your company, threat landscape, and use cases do.
Integrate All Your ChatOps Tools and Automate Effortlessly
As security becomes more of a focal point for every business, security teams need to be strategic about how they stay on top of events and remain proactive about new threats. ChatOps plays a critical role in enabling that to happen. And with a security orchestration layer integrating all your tools with Slack, you can effortlessly automate the bidirectional flow of crucial information.
If you're ready to see how you can orchestrate and automate your ChatOps use cases, we recently held a live webinar on this topic. You can view the recording here.