
Automation Anxiety? Don’t Worry.

More efficient processes. Better staff utilization. Increased documentation of processes. These are just a few of the benefits of automation, yet organizations may be slow to adopt automation technologies due to a fear of the unknown. The thought of automating some of their most critical processes does initially cause anxiety for some, but if I had to summarize this article in two words, it would be: “DON’T PANIC.” Listed below, you’ll find some of the common concerns we’ve heard from users who are exploring automation for the first time, as well as how we put their minds at ease.

“If I’m setting up automated workflows and a bunch of them get kicked off at once, I’m just putting them into a single file line. They’re going to have to wait for one to finish before the next starts. If this happens, critical processes or alerts within my organization are going to get overlooked or left behind in an automation queue and then they’ll blow up to become even larger problems.”

With ThreatConnect, you can set up dedicated servers for specific Playbooks so that anytime a certain job, task, or process needs to run, there is a standby server ready to go. With Playbook Servers, you can easily and effectively scale your instance of ThreatConnect to handle thousands of Playbook executions per day, while prioritizing what’s important. You can allocate Private Servers to an Organization for the highest priority Playbooks in order to get ahead of the queue, and also enable high availability (HA) by deploying multiple Playbook Servers. If at any point a Playbook Server crashes, the remaining servers take over responsibilities. This means no single point of failure! The last thing you want is for your Playbook Servers to be pulling a Lucille Ball in the Chocolate Factory.

“When it comes to making blocking decisions, I’m just not sure relying 100% on an automated process across various technology solutions is realistic for my organization. There are approval processes set up across my team that can’t be overlooked. They may be manual, but for such a critical task, I’d rather be overly thorough.” 

When it comes to automation in ThreatConnect, it’s not an automate-all or automate-nothing mentality. What I mean is that if you decide there’s a specific process you’d like to create a Playbook for and automate, you’re still able to add in checkpoints with the ability to notify humans (team members) of actions to be taken for approval. ThreatConnect allows you to automate when needed but bring in the human touch when required. By setting up rules around your Playbooks, you ensure that the right things are being fully automated or sent along to a teammate for remediation. For example, your team could use ThreatConnect for automating the triage of Phishing emails. The Playbook can parse out the IOCs and once something of interest is found, send a Slack message to an Analyst for further investigation. From there, the Analyst confirms the IOC is something worth taking action on, and sends it along to your endpoint security system. Humans and machines working in harmony, hasta la vista phishing email.

“I’ve spent a lot of time and resources in the past setting up new solutions only for them to become ‘shelfware’.  I want to be 100% sure that I am getting a return on investment (ROI) on anything I invest my already limited time, energy, and budget into.”

In ThreatConnect, automated processes are managed using Playbooks, and each individual Playbook has a built-in ROI Calculator. These calculators allow you to see how much time and money has been saved through automating processes within your organization. There is no limit to the number of Playbooks you can set up and execute. As your knowledge grows and you set up more and more Playbooks, you can expect to see exponential ROI from using ThreatConnect. Additionally, with a dedicated Customer Success team, ThreatConnect ensures that the Platform is being leveraged to its fullest based on your organization’s goals.

Here’s a view into what type of ROI data you’re provided with every ThreatConnect Playbook

“Our information technology infrastructure is large and diverse. I am hesitant to add more to an already complex system that could add more risk and/or expose my network.”

Fully utilizing automation at your organization shouldn’t mean you have to re-architect your entire technology stack. Environment Servers enable ThreatConnect to communicate with technologies operating on other networks. For example, you may have systems that reside behind different firewalls, are geographically located across regions, or reside in the cloud or on-premises. Organizations are unique and have different needs due to size and infrastructure. Environment Servers prevent this from being a deterrent when it comes to automation.

“I see that some of the solutions that are heavily leveraged in my organization are not ThreatConnect supported integrations. I am afraid that ThreatConnect will help in some areas, but miss the mark in others.”

ThreatConnect has an ever-growing list of partner integrations. Beyond that, if we do not have a supported integration that you require, we can solve that problem with the HTTP Client App and HTTPLink Trigger. These allow you to connect to other solutions via REST API. This functionality can be useful for building integrations and getting disparate systems to interact via Playbooks. In James Cameron’s Avatar, the Na’vi had a special ponytail that allowed them to connect their mind with various beasts so they could run, gallop, and fly more efficiently. The HTTP Client App and HTTPLink Trigger are similar, but they allow you to easily connect to other solutions instead of a dragon.

“I’m not a developer, I’m an analyst. I don’t know, or have the urge to learn, how Python or other programming languages support a new solution. I’m also worried that the learning curve of a new platform is too much for me to take on with my already hectic schedule.”

This is something that a lot of the security teams we work with bring up. We’ve already discussed how Playbooks are the backbone of automation in ThreatConnect. When it comes to building those, ThreatConnect Playbooks are drag-and-drop and have an easy-to-navigate UI. There are a variety of pre-built Apps available that will help to solve common use cases seen by our users. If you need help creating a bespoke Playbook or solving a niche use case, our Customer Success teams are here to help. These teams provide Chick-Fil-A levels of customer support.

Automation is here to stay. Although it may seem disruptive for some, it really is a positive game changer.  ThreatConnect allows you to automate the processes that make sense while still having a human touch to the tasks that require a careful eye. The ThreatConnect Platform will never fully displace your security analysts, but it can ease the burden and remove menial or mundane tasks.

About the Author

ThreatConnect