Automating Incident Severity

Security Orchestration Use Case: How to Automate Incident Severity Assignment?

Is your CSIRT team facing too many security alerts? Is your SOC has various security products that are jumbled together? Are you worried about setting the sensitivity of each product? How a severity level should be assigned to each imminent incident? These questions are hard to answer by today’s security professionals. However, security orchestration plays a crucial role in helping experts to address these questions.

Continue reading

How to Automate Threat Hunting?

Security Orchestration Use Case: How to Automate Threat Hunting?

Threat hunting is the practice of iteratively and proactively hunting for threats or Advanced Persistent Threats (APT) that are launched by adversaries. Unlike traditional security systems such as antivirus program, firewalls, or SIEM, who use a reactive approach to threats, threat hunting utilizes a proactive approach to pursuing threats even before they compromise organization’s network or IT infrastructure.

Continue reading

Security Orchestration Use Case: How to Automate Malware Analysis?

Malware Analysis is the process whereby security teams such as Incident Response Handlers perform a detailed analysis of a given malware sample and then determine its purpose, functionality, and potential impact. Conducting malware analysis manually is a cumbersome and time-consuming process as it involves a lot of security professionals, resources, and budget.

Continue reading

Security Orchestration Use Case: How to Automate VPN Checks?

An organization can have innumerable VPN access attempts from within or outside its facility. In the world of globalization and cloud computing, even these attempts can be made from outside the country. Checking each attempt manually is a daunting task for enterprises as it consumes a lot of time and engages more security professionals. The basic VPN checks involve DNS Leaks, IP Address Leaks (e.g., IPv4 and IPv6), and WebRTC Leaks. Two types of manual VPN checks are Basic Test which is performed online through a VPN test website such as ipleak.net and the second one is Advanced Test that utilizes more advanced tools for this purpose. To automate these tests, security orchestration plays a pivotal role.

Continue reading