Last updated at Tue, 27 Nov 2018 19:02:00 GMT
Organizations whose vulnerability management responsibilities are distributed across multiple teams often deal with similar issues: teams operating in silos, differing terminology, and a lack of common visibility. At Rapid7, it’s our goal to help companies embrace a culture of collaboration so they can move their security postures forward faster. This goes beyond simply establishing a set of guidelines: It requires rethinking how we use technology to drive better collaboration.
Our current webcast series, Get Sh!t Done with Automation, explores how you can improve your vulnerability management and incident detection and response processes with security orchestration and automation (SOAR), best practices for implementing automation at your organization, and how to incorporate automation into your 2019 security initiatives. Ultimately, we’re sharing how automation can help you break down silos, align communication and terminology, and gain complete visibility across your modern ecosystems.
Let’s dive deeper into the remediation side of things. You can watch the full webcast on demand here, and read our brief recap below:
The way forward: Driving collaboration between security, IT, and development
In the webcast, Rapid7 product manager Nick McKee and I explained that when teams work in silos, it makes remediation cumbersome and difficult. It also blocks visibility into what other teams are working on. This can lead to serious delays, missed steps in defined processes, and all-around frustration. That’s why collaboration is absolutely imperative to the operations of an effective modern security program.
So, how do we break down age-old silos? It begins with shared visibility and analytics.
We explain this in more detail in the webcast, but the general gist is that with a shared data set, teams can look at the same reports, from the same perspective, with the same lens. For example, how many times have you been in a meeting where two people interpreted the same data differently? Using platforms like InsightVM and InsightConnect, teams share a unified view, so there is no confusion and no miscommunication.
Security automation: Vulnerability management’s secret sauce
We also walk through a step-by-step process in which InsightVM helps organizations collect data across their ecosystems, prioritize risk and remediation activities using attacker behavior analytics, and remediate with SecOps agility (read: fast). Using automation, all of this is simple and straightforward, bringing teams closer together and moving security forward to keep pace with today’s rapid-fire threats.
It’s important to note that we view automation and orchestration in a unique way. Everyone understands what automation means in the context of taking something you do manually and making it so you don’t have to do it over and over again. But we see a SOAR platform as a means not only to streamline processes, but also to avoid or significantly reduce the need to write code. InsightConnect, our customizable security orchestration and automation solution, integrates with hundreds of top security vendors. By leveraging pre-built workflows, it can easily ingest data (e.g., alerts, emails, APIs, logs), automate actions (e.g., create tickets, quarantine users/assets, update network rules, notify users, kill processes), and even enrich data so analysts have better context in which to make decisions.
We call this concept security orchestration. It enables integrations across your entire tech stack and defines workflow logic in such a way that teams can start to work together. In this way, it’s truly about connecting teams, not just tools. And better yet, InsightVM also comes with pre-built workflows to support Automation-Assisted Patching and Automated Containment.
Because automation pulls you out of the weeds and gives you time back to focus on strategic initiatives, it also allows you to make real progress on your remediation efforts. If you think about where your teams spend their time, chances are much of it is on redundant, tedious tasks that machines could easily handle. SOAR helps you to build out a seamless vulnerability management workflow (remember, without any code required), thus freeing up your time to work on higher-level tasks that will bring you the greatest returns.
Not only that, but it also does so in a way that doesn’t sacrifice your control. You can specify when a workflow pauses, enabling an analyst to add additional context to make a decision, and then continue on with automation. It’s the intersection between machines and humans that makes automation unique and powerful.
Getting ahead of vulnerabilities once and for all
There are more vulnerabilities in an environment than your team could ever possibly remediate on their own. The result? A mounting backlog that piles up to a point where issues start slipping through the cracks and you become more vulnerable to attacks if certain actions aren’t taken in a timely way. With security orchestration and automation on your side, repetitive and tedious tasks are handled for you, which means the majority of vulns sitting in your backlog can be handled automatically, allowing you to up-level your focus and, for the first time, actually get ahead of vulnerabilities.