In this week’s Whiteboard Wednesday, Sydney Coffaro, Product Specialist for InsightConnect, breaks down the steps you can take to help automate various parts of your business. She illustrates some notable security operations processes that can benefit from automation, how you can implement them with simple workflows, and the innovation that can come from automation.
Hi, and welcome to this week's Whiteboard Wednesday. My name is Sydney Coffaro, and I'm a Product Specialist for Rapid7's security orchestration and automation solution, InsightConnect.
Today I wanna spend some time talking about how automation can help innovate both security and business. We can start by breaking down automation into its key characteristics, and then follow this as a guide for automating many use cases outside of security.
By automating repetitive and repeatable processes, teams can innovate to become more operationally efficient and spend more time in more places that require their attention, such as further investigating incidents as an example.
Let's start by breaking down the key characteristics that we see in automating any process. Every automated workflow will begin by utilizing a trigger event. These can vary from ingesting email alerts, to customizing endpoints to post information out to, or even scheduling a timer trigger to execute on a scheduled basis.
Next, we'll wanna perform some kind of enrichment or data correlation. This is where we begin to see teams integrate with their different systems within their environment to pull information from. Whether that be looking up the reputation of an indicator within a threat intelligence platform, or correlating the traffic that was seen on the network, our goal is to gather enough information so that we can make an informed decision.
Within a SOAR solution, users should have the ability to configure either automated or human based decisions. Now this can be dependent on how comfortable your team is with automation. Either way, we want you to choose what's going to best fit both your team and processes.
Lastly, you wanna configure automated actions to assist with the remediation steps. This can be as simple as sending an email or generating a ticket or even updating your firewall rules and correlating assets from the network. When it comes to innovation, we can begin to apply these basic concepts that we see outside of the security realm.
As an example, we can provision new users of your company by ingesting emails from ADP or even your HR department to then generate their accounts within a variety of different systems, such as Active Directory, Okta, Duo, or even your email provider such as Office 365.
To learn more about how automation can promote innovation, request a demo of InsightConnect today, or ask us for more information. That's it for today's Whiteboard Wednesday. We'll see you again next time.
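The four stages described in the transcript (trigger, enrichment, decision, action) can be sketched as a small pipeline. This is an added example, not InsightConnect code or anything from the video: the function names, score thresholds, alert fields and reputation table are all hypothetical, and the data is constructed.

```python
from dataclasses import dataclass, field

# Constructed reputation data standing in for a threat intelligence lookup.
REPUTATION = {"203.0.113.7": 92, "198.51.100.20": 55, "192.0.2.10": 5}

@dataclass
class Run:
    indicator: str
    score: int = 0
    decision: str = ""
    actions: list = field(default_factory=list)

def trigger(alert: dict) -> Run:
    """Trigger: an ingested alert (constructed dict) starts one workflow run."""
    return Run(indicator=alert["src_ip"])

def enrich(run: Run) -> Run:
    """Enrichment: look up the indicator; unknown indicators score 0."""
    run.score = REPUTATION.get(run.indicator, 0)
    return run

def decide(run: Run, auto_block_at=80, review_at=40, approver=None) -> Run:
    """Decision: automated at the extremes, human-based in the grey zone."""
    if run.score >= auto_block_at:
        run.decision = "block"
    elif run.score >= review_at:
        # No approver configured: fail safe to a ticket, never auto-block.
        approved = approver(run) if approver else False
        run.decision = "block" if approved else "ticket"
    else:
        run.decision = "close"
    return run

def act(run: Run) -> Run:
    """Actions: recorded as strings here; real steps would call integrations."""
    if run.decision == "block":
        run.actions += [f"firewall: deny {run.indicator}", "ticket: blocked, for audit"]
    elif run.decision == "ticket":
        run.actions.append(f"ticket: review {run.indicator} (score {run.score})")
    return run

def run_workflow(alert: dict, approver=None) -> Run:
    return act(decide(enrich(trigger(alert)), approver=approver))

if __name__ == "__main__":
    for ip in REPUTATION:
        r = run_workflow({"src_ip": ip})
        print(ip, r.score, r.decision, r.actions)
```

Passing an `approver` callable models the human-based decision; leaving it unset shows the fail-safe path, where a mid-score indicator produces a review ticket rather than a firewall change.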
InsightConnect is a security orchestration and automation solution that enables your team to accelerate and streamline time-intensive processes—no code necessary.
Are you thinking about security orchestration and automation? Find out just how much time it could save you and your team.