If you’ve ever tried to grow a garden of any size you might remember how easy it seemed at first. How hard can it be to plant seeds and watch them grow into herbs or vegetables? The answer, as experience shows us, it vastly different from the concept. That’s because there are a ton of small little things that you need to do between the planting and the harvesting to insure that everything works out the way that it should. If you forget about watering or weeding or insect control your gardening effort is going to fall flat.
In the same vein, security is a concept that seems easy on the surface. Just protect the important stuff from the bad actors, right? It’s only when you delve deeper into the process and the day-to-day operations that you realize just how mind-numbing it can be to keep things safe and sound. Worse yet, if you miss any one of those steps along the way you’re going to find yourself in a world of trouble. It could mean missing out on an attacker’s attempts to footprint your organization. Or it could mean a call from the national media asking for a comment about a security breach.
SOARing Into a Secure Enterprise
I was fortunate enough to get an opportunity at Security Field Day to hear from Swimlane and how they’re approaching problems like this in the security space. They talk about their low-code approach to automation that integrates into their Security Orchestration, Automation, and Response (SOAR) platform. SOAR is a term used frequently in the security space to talk about engines that take information from alerts being trigged across the enterprise and formulating responses to them to help ensure that the basic tasks are completed and your valuable knowledge workers are focused on the efforts that need their skill sets.
Half of security response is remembering what you need to do in order to respond appropriately. One of the things that Swimlane showed off during their presentation was an automated phishing analysis and response use case. Here’s the video of that section:
My family has asked me recently about the increased number of spam messages they’ve been getting aimed at tricking them into exposing their credentials. Even the best of security pros will eventually click on the wrong link at the wrong time and find themselves in a world of pain trying to reset passwords and remove inappropriate access. The pressure of doing the work is also compounded by the pressure of remembering what you’re supposed to do in an incident.
With a tool like Swimlane, half of the work is done for you already. If the system detects a phishing email it can nullify the attempt to click on the link. If someone does manage to get to the link before the system does and try to input their password to the bogus site, Swimlane has responses for that as well. Since it is also hooked into so much data from the rest of your organization it can also monitor to see if that attempt was ultimately successful and attackers were able to penetrate and move laterally.
More importantly, the automation workflows built in to Swimlane mean that you only need to add new tasks once for them to be repeated every time there is an incident. You can use those workflows as a template for other responses as well. With more phishing attempts coming in via SMS now you want to have a safe and secure mobile response as well as through the corporate email server. The flexibility of Swimlane lets you build policies and procedures to solve these challenges right away.
Bringing It All Together
Half of my project time is figuring out what I need to be doing next. There are endless checkboxes that need to be covered and if I miss one it could make life miserable for not only me but the rest of the team as well. My job doesn’t revolve around security and when you add in the critical nature of those roles you can see why having a platform to automatically respond to checkboxes and present your knowledge workers with a list of things to do in the event of an incident is important. The more you can help them focus on the things that need to be done by doing more behind the scenes the more you can help your valuable assets do the work you hired them to do.
For more information about Swimlane and their SOAR platform and automation offerings, make sure you check out their website at http://Swimlane.com
