Security incident management is complex, and requires skills and resources that a lot of organisations don't have. Increasing demands and increased rate of change put organisations under more pressure than ever. This complexity makes it easy to overlook the people and process sides of security.
A lack of consistent process runs the risk of critical information being missed, or incidents not being addressed. Stretched resources can result in staff burnout and important areas being neglected. It is difficult to innovate and improve when struggling just to maintain the status quo.
Contact us on 04 917 6670 or firstname.lastname@example.org if you would like to know more about the SSS Security Threat Automation and Response Service (STARS).
SSS has partnered with Swimlane, a leading Security Orchestration, Automation, and Response system, and our shared expertise has resulted in the development of our STARS platform.
The key to effective security operations is consistent process and evidence-based decision making. STARS achieves this through integrations with industry-leading threat intelligence sources, and combining this with the power of automation.
STARS is designed to augment existing IT systems and staff without the need to "rip and replace". Being platform agnostic allows STARS to leverage existing systems and assets, without the requirement to roll out new software.
SSS designs and implements best practice automation playbooks to provide effective and efficient responses to security incidents. Automation ensures that consistent processes are followed, and takes tedious and repetitive tasks away from staff. This helps to address burnout and human error, and allows the move to a proactive and innovative culture, rather than being reactive post-incident.
Addressing security concerns is hard when you don't know what you don't know. The first step in the STARS process is to discover vulnerabilities and indicators of compromise in your environment. This serves as a starting point for further investigation.
Once indicators of compromise have been identified, they need to be investigated and validated. STARS uses industry-leading threat intelligence sources to evaluate indicators of compromise. It then implements customisable logic to apply client-specific context to the information.
Automation and Orchestration
Once a problem is identified and validated, the next step is to figure out what to do to fix it. STARS provides best practice playbooks to deal with incident management activities, and to orchestrate response actions. Flexible levels of customisation allow you to figure out what needs to be done and how you want to do it, and then make it happen automatically.
Response and Remediation
Security incidents can be complex and varied, but remediation activities are often similar and repeatable. STARS allows you to identify common response actions and automate the remediation activities. This could include locking user accounts, deleting malicious emails, blocking files or IPs, or isolating endpoints. STARS has a wide range of integrations with third-party systems, so remediation activities are really only limited by imagination.
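The validation and response steps above (enrich an indicator with threat intelligence, apply client-specific context, then act automatically only above a customisable threshold) are illustrated here as an added example; it is not STARS or Swimlane code. The threat-intelligence table, the client allowlist, the alert and the threshold value are all constructed for the example, and the remediation queue records actions rather than calling any real system.

```python
"""Constructed SOAR-style triage playbook (example only, not STARS code).

Flow: enrich each indicator -> apply client context -> decide whether the
response can be automated or must go to an analyst.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed stand-in for a threat-intelligence feed lookup.
THREAT_INTEL: Dict[str, dict] = {
    "203.0.113.7": {"verdict": "malicious", "confidence": 95, "tags": ["c2"]},
    "198.51.100.5": {"verdict": "malicious", "confidence": 90, "tags": ["scanner"]},
    "192.0.2.44": {"verdict": "suspicious", "confidence": 55, "tags": []},
}

# Constructed client-specific context (hypothetical tenant settings):
# infrastructure the client has vouched for, and the automation threshold.
CLIENT_CONTEXT = {
    "allowlist": {"198.51.100.5"},      # e.g. the client's own authorised scanner
    "auto_block_min_confidence": 80,    # customisable automation threshold
}

# Constructed alert carrying the indicators to triage.
SAMPLE_ALERT = {
    "id": "ALERT-0001",
    "indicators": ["203.0.113.7", "198.51.100.5", "192.0.2.44", "203.0.113.99"],
}


@dataclass
class Decision:
    ioc: str
    verdict: str
    confidence: int
    action: str    # one of: auto_block, analyst_review, close
    reason: str


def enrich(ioc: str, intel: Dict[str, dict] = THREAT_INTEL) -> dict:
    """Look the indicator up; unknown indicators get a neutral, low-confidence record."""
    return intel.get(ioc, {"verdict": "unknown", "confidence": 0, "tags": []})


def triage_ioc(ioc: str, intel=THREAT_INTEL, ctx=CLIENT_CONTEXT) -> Decision:
    """Combine feed verdict with client context and the automation threshold."""
    info = enrich(ioc, intel)
    verdict, conf = info["verdict"], info["confidence"]

    # Client context overrides the feed: a known-good asset is closed, not blocked.
    if ioc in ctx["allowlist"]:
        return Decision(ioc, verdict, conf, "close", "allowlisted by client context")

    # Only high-confidence malicious verdicts are remediated without a human.
    if verdict == "malicious" and conf >= ctx["auto_block_min_confidence"]:
        return Decision(ioc, verdict, conf, "auto_block", "above automation threshold")

    # Everything else (unknown, suspicious, low confidence) needs validation.
    if verdict == "unknown":
        return Decision(ioc, verdict, conf, "analyst_review", "no intelligence available")
    return Decision(ioc, verdict, conf, "analyst_review", "below automation threshold")


def run_playbook(alert: dict) -> List[Decision]:
    """Triage every indicator on the alert in order."""
    return [triage_ioc(ioc) for ioc in alert["indicators"]]


def remediation_queue(decisions: List[Decision]) -> List[str]:
    """Turn decisions into a list of actions for the orchestration layer.

    Actions are recorded as strings here; a real playbook would hand them to
    firewall, mail or endpoint integrations.
    """
    queue = []
    for d in decisions:
        if d.action == "auto_block":
            queue.append(f"block_ip:{d.ioc}")
        elif d.action == "analyst_review":
            queue.append(f"open_case:{d.ioc}")
    return queue


if __name__ == "__main__":
    for d in run_playbook(SAMPLE_ALERT):
        print(f"{d.ioc:15} {d.verdict:10} {d.confidence:3}  {d.action:15} {d.reason}")
    print(remediation_queue(run_playbook(SAMPLE_ALERT)))
```

The point of the threshold is that it is a client setting, not a feed property: the same 90-confidence verdict is closed for an allowlisted asset and blocked for an unknown one, and lowering `auto_block_min_confidence` widens what runs without analyst sign-off.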
The STARS base service is an incident management service for dealing with general security alarms and phishing emails.
Service features include:
- Access to a personalised Security Operations Centre portal
- Customisable automation thresholds
- Real-time metrics to demonstrate return on investment
- Managed service using monthly pricing and no minimum commitment
- Optional purchase of additional support or professional service hours to augment internal teams
Playbook Management Uplift
This includes the design, implementation, and ongoing management of playbooks for additional use cases.
Playbooks are sized and priced based on complexity.
- Low Complexity: Services that typically require out-of-the-box integrations, or processes that have < 3 process levels.
- Medium Complexity: Services that typically require out-of-the-box integrations, or processes that have < 5 process levels.
- High Complexity: Services that typically require custom integrations, or processes that have > 5 process levels.
Example use cases include:
- User onboarding and offboarding
- Data exfiltration
- Darkweb monitoring
- Threat hunting
Security Analyst Assistance Uplift
STARS provides a mechanism for clients to manage and remediate their own security incidents. However, many organisations don't have dedicated security teams, or the capacity to take on the additional work that SOAR and incident management entails.
Sometimes additional resources may be required to assist with incident management, process design, or automation configuration. SSS provides options for 5, 10, and 15 hour bundles per month to be used for any STARS activities.