monthly incident volumes. Each incident took an average of 45 minutes or more to address, and
brought with it a lot of residual noise and confusion above and beyond the impactful event.
When an automated solution was built around a pre-approved workflow, the same client saw the
triage and remediation times drop to less than a minute.
The amount of time the support staff got back from this one simple change was significant.
Automation became not only a means of improved efficiency, but also a force multiplier
for the staff. Not only could they concentrate on more complicated issues, but the administrative
overhead of updating trouble tickets, assigning work, and notifying affected users was all
orchestrated into the automation as part of the workflow.
Continually measure your level of automation to demonstrate the Return on Investment
Think about what you could do if you were automating more of your responses. You could
capture a threat at your SIEM (security information and event management), which, thanks to
your workflows, could trigger an automated response that could shut down a port, disable a user,
and generate a new trouble ticket that’s already updated with an audit trail and assigned to the
right team.
As you build in efficiencies and strip away redundant, repetitive work, you will create
gains that can be measured. As you extend the reach and agency of your staff by
automating solutions to common tasks, you will reduce their workload and allow them to focus
on more comprehensive problems.
When used together, automation and workflow management can create an organizational
culture that truly places security on par with the rest of our business initiatives.
No one thing will protect our networks or our data, but a more mature security stance led by
harmonized business and security interactions will create the environment we need to succeed.
About The Author
Paul Nguyen, President, CSG Invotas
Paul has been at the forefront of information security for more than 15
years. He joined CSG Invotas in 2013 with a rich history of cyber security
experience and spearheaded the company’s Go-to-Market strategy and
subsequent launch in February 2014. As president, Paul is responsible
for the overall executive oversight and leadership for the strategy and
operations of the CSG Invotas business unit. He is considered a pioneer
in the areas of Automated Threat Response and Active Cyber Defense.
Paul can be reached online at [email protected] and at our company website:
http://invotas.csgi.com/
57 Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide