ChatOps, Conversation-driven Security Collaboration

ChatOps combines the benefits of a chat app like Slack with the powerful automation features of a chatbot to streamline incident response.


What is ChatOps?

With ChatOps, security and IT professionals can integrate the work conversations that they’re already having with the actual tools they use to perform that work. They can also use ChatOps to orchestrate IT and security processes in order to gain a clearer view into their security landscape.

With collaboration capabilities and chatbot-powered automation available in a single interface, security and IT teams can engage in group conversations, automate key security tasks, and access a full view of actions that members of the team are taking in real time. This helps them work more efficiently, deploying software updates or patches into production and addressing potential security incidents with greater speed.

ChatOps, a term that was originally coined at GitHub, is also sometimes referred to as conversation-driven collaboration or conversation-driven DevOps. With ChatOps facilitating timely collaboration between security and IT teams, organizations can improve and accelerate their security incident response processes.

How ChatOps Works

While gathered in a chat room, team members type commands that a chatbot executes using either plugins or custom scripts. For example, a security analyst can issue a command directly within a group chat telling the chatbot to aggregate key information and retrieve the fixes for a vulnerability.

The chatbot then hands that command off to IT, who accepts and applies the patch. Upon completion, the chatbot can return a detailed log of the result to verify the patching was successful—right into the chat window. Not only can the entire team see exactly what has happened, but it can also coordinate follow-up steps in real time.

ChatOps can aid in orchestrating incident response as well, integrating with a security system to issue a timely notification in the event of an incident. For example, an intrusion detection system could trigger an alert into a Slack channel about an abnormal code deployment at 2 a.m.

Upon seeing this alert pop up, a member of the dev team could then ping everyone else to let them know it was him and that he was traveling in Europe at the moment—thus, the unusual time for the deployment. On the other hand, if it turned out no one was sure what caused the alert, the team could mobilize a rapid response from directly within the Slack channel without having to convene a time-consuming war room meeting.

Benefits of a ChatOps Solution

As software development teams know, building and deploying an application can be a complex process. With the transparency that ChatOps provides, no one has to wonder who issued a command if a glitch arises, since a complete record of what has transpired is available for all to see in the chat window.

Developers can collectively diagnose and resolve issues as they crop up. Security teams can even designate Slack channels to orchestrate routine tasks, such as investigatory follow-ups, alert enrichment, or malware containment, so they can focus on more strategic priorities such as threat hunting and response.

The automation enabled within ChatOps can reduce instances of human error, empowering developers to automatically execute commands that have already been tested and vetted. Since everyone is in the same chat session, team members can quickly issue and fulfill requests without having to use a cumbersome ticketing process.
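The command flow described under "How ChatOps Works" and the record-keeping and vetted-command points above can be sketched as a small dispatcher. This is an added example, not Rapid7 code: the command names, the role check, the in-memory audit log, and the sample users, host and vulnerability id are all assumptions made for illustration.

```python
import shlex
from datetime import datetime, timezone

AUDIT_LOG = []  # in-memory stand-in for the record everyone sees in the channel
REGISTRY = {}   # command name -> (handler, roles allowed to run it)

def command(name, roles):
    """Register a vetted handler; nothing outside the registry can ever run."""
    def wrap(fn):
        REGISTRY[name] = (fn, frozenset(roles))
        return fn
    return wrap

@command("vuln-info", roles={"analyst", "it"})
def vuln_info(vuln_id):
    # Hypothetical lookup; a real bot would query the vulnerability scanner.
    return f"{vuln_id}: fix available, awaiting IT approval"

@command("patch", roles={"it"})
def patch(host, vuln_id):
    # Hypothetical action; a real bot would call the patching tool.
    return f"patch for {vuln_id} applied on {host}"

def handle(user, role, text):
    """Parse one chat message, run it if vetted and permitted, log the outcome."""
    try:
        parts = shlex.split(text)  # arguments stay data, never reach a shell
    except ValueError:             # e.g. unbalanced quotes
        parts = []
    name, args = (parts[0], parts[1:]) if parts else ("", [])
    entry = REGISTRY.get(name)
    if entry is None:
        status, reply = "rejected", "unknown command; available: " + ", ".join(sorted(REGISTRY))
    elif role not in entry[1]:
        status, reply = "denied", f"{user} is not permitted to run '{name}'"
    else:
        try:
            status, reply = "ok", entry[0](*args)
        except TypeError:          # wrong number of arguments for the handler
            status, reply = "rejected", f"wrong arguments for '{name}'"
    # Every attempt is recorded, including denied and rejected ones.
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                      "user": user, "command": text, "status": status})
    return status, reply

if __name__ == "__main__":
    # Constructed sample conversation.
    for msg in [("alice", "analyst", "vuln-info VULN-0001"),
                ("alice", "analyst", "patch web01 VULN-0001"),
                ("bob", "it", "patch web01 VULN-0001"),
                ("bob", "it", "reboot web01")]:
        print(msg[0], "->", handle(*msg))
```

Because denied and rejected attempts are logged alongside successful ones, the log answers "who issued which command" even when nothing was executed.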

Non-technical staff can even use ChatOps to check the status of an incident without interrupting developers or their security colleagues, who can then stay focused on the task at hand. The real-time documentation provided within ChatOps can be beneficial not just from a workflow optimization standpoint but for regulatory compliance and security purposes as well.

ChatOps also streamlines remote team collaboration and new hire orientation, helping colleagues coordinate their shared work with greater ease regardless of their geographical location or length of tenure. ChatOps also builds team camaraderie, bringing a little fun into the development and incident response processes.

And, with streamlined mobile access to the tools they use at work, developers and their security colleagues can address time-sensitive requests or issues no matter where they happen to be—whether that’s at a coffee shop or waiting in line to see a movie.

Ultimately, ChatOps accelerates time to market while also significantly reducing the time required to evaluate and resolve a potential security incident.

4 ChatOps Tips for Security Teams

Thinking of using ChatOps at your organization? These four tips can help you make the most of your solution:

1. Pick the right tools 

The ChatOps tools you select will depend on your collaboration, development, and security needs. For example, not all security tools may integrate with chat apps such as Slack—or, if they do, the integration may be only one-way, providing you notifications without giving you the ability to delegate tasks back from Slack to your security orchestration tools. Make sure you pick the ChatOps tools that best support your team’s workflow requirements. 

2. Start small 

It’s not uncommon for there to be significant cultural resistance to automation within an organization. For this reason, it’s best to begin with small changes and incrementally build on them.

Try starting with something passive like automated queries before advancing to automated deployment tasks. By gradually and carefully demonstrating the benefits of ChatOps to everyone involved, you can build their confidence in the technology and increase your chances of success.

3. Use natural language

You can configure your chatbot to execute commands based on language that you would naturally use in the course of a chat session. For example, if you ask your colleagues, “Hey, what’s going on with this server?” your chatbot can automatically spring into action and return the information you requested without anyone having to lift a finger. This makes everyone’s work more convenient, increasing the likelihood of adoption.

4. Help your chatbot help you

Team members are going to query your chatbot as they’re learning how to use it. This is especially true for new hires who are just getting up to speed on how everything works at your company. Configure your chatbot to give helpful answers when people ask how to use certain commands. If you like, you can even infuse it with some personality that’s in line with your company’s culture.

ChatOps places the tools that developers and security professionals use directly into workplace conversations, enhancing team collaboration and problem-solving on a wide range of tasks, from incident response to patch deployment and beyond. ChatOps can even be beneficial from a cultural standpoint, strengthening work relationships and boosting your team’s effectiveness. With the powerful security automation and collaboration capabilities found in ChatOps, your company can accelerate its incident response and achieve faster time to market.
