SlideShare a Scribd company logo

Security Automation Approach #1: Workflow

Download as PPTX, PDF
L
Lauren Kersanske

The workflow tool receives a phishing alert from a detection system. It then retrieves additional context data on related URLs, attachments, emails, and keywords. The workflow tool then opens a ticket, assigns it to an analyst based on preset rules, and includes the enriched alert data to assist the manual investigation. The analyst reviews the evidence and remediates the threat, such as imaging infected laptops, blocking senders, and deleting emails.

Technology
Related topics:
Information Security Cyber-Security
1 of 6
Download to read offline
1
2
3
4
5
6
Intelligent Security Orchestration and Automation hexadite.com Let’s Automate - Workflow The workflow tool receives a phishing alert from a detection system.
Intelligent Security Orchestration and Automation hexadite.com Let’s Automate - Workflow Workflow tool retrieves data to give more context to alerts. Data on entities such as: • URLs • Attachments • HTML email • Keywords
Intelligent Security Orchestration and Automation hexadite.com Let’s Automate - Workflow Workflow tool opens and assigns a ticket to an analyst based on pre-set rules
Intelligent Security Orchestration and Automation hexadite.com Let’s Automate - Workflow Ticket includes enriched alert data to assist in the manual investigation.
Intelligent Security Orchestration and Automation hexadite.com Let’s Automate - Workflow The analyst manually investigates and remediates the threat. • Review email • Analyze attachments, URLs, keywords • Determine who received the email, where it might have been opened (Pivoting) • Manually remediate (ex. re-imaging a laptop , Deleting the email from the mailbox, blocking the sender?)
Intelligent Security Orchestration and Automation hexadite.com Workflow What Time Review email 10 minutes Analyze attachments, URLs, and keywords 30 minutes Access the endpoint 1 hour Remediate 30 minutes TOTAL 2 hours and 10 minutes

More Related Content

PPTX
Sql injection
Zidh
 
PDF
Aikakausmediat somessa / kesäkuu 2016
Aikakausmedia
 
PPT
Харчування у профілактиці серцево-судинних захворювань
MyHelix
 
PDF
Afaceri interactive de robert kiyosaki
Cotoflea Simona-Roxana
 
PPS
Hechos de los Apóstoles
deliagatocasado
 
PPT
Family members game
Fernando garza
 
PPTX
11th grade english unit 11 1 memoir x2
Efraín Suárez-Arce, M.Ed
 
PDF
Statistical computing 01
Kevin Chun-Hsien Hsu
 
Sql injection
Zidh
 
Aikakausmediat somessa / kesäkuu 2016
Aikakausmedia
 
Харчування у профілактиці серцево-судинних захворювань
MyHelix
 
Afaceri interactive de robert kiyosaki
Cotoflea Simona-Roxana
 
Hechos de los Apóstoles
deliagatocasado
 
Family members game
Fernando garza
 
11th grade english unit 11 1 memoir x2
Efraín Suárez-Arce, M.Ed
 
Statistical computing 01
Kevin Chun-Hsien Hsu
 

Viewers also liked (13)

PPTX
ジョブウェブ創業者佐藤孝治の「内定の原則講座〜就職活動で成功する人だけが持つたった一つの原則〜」
孝治 佐藤
 
PPTX
La conciencia fonológica taller para padres y madres
Ruth Valverde
 
DOCX
Lesson Plan Senior High School 3
Dea SR
 
PDF
Partition and conquer large data in PostgreSQL 10
Ashutosh Bapat
 
PPT
Office Automation Final
makhtar79
 
PPTX
Office automation2
Edz Gapuz
 
PPTX
Industrial Automation
Rajesh Raushan
 
DOCX
Office Automation System
university of education,Lahore
 
PPTX
Introduction to automation ppt
Himani Harbola
 
PPTX
automation slides,plc,scada,HMI
BOSCH
 
PPT
Ppt on automation
harshaa
 
PPT
Chapter 1 introduction to automation
Mohamad Sahiedan
 
PPTX
INDUSTRIAL AUTOMATION USING PLC
Mehvish Mushtaq
 
ジョブウェブ創業者佐藤孝治の「内定の原則講座〜就職活動で成功する人だけが持つたった一つの原則〜」
孝治 佐藤
 
La conciencia fonológica taller para padres y madres
Ruth Valverde
 
Lesson Plan Senior High School 3
Dea SR
 
Partition and conquer large data in PostgreSQL 10
Ashutosh Bapat
 
Office Automation Final
makhtar79
 
Office automation2
Edz Gapuz
 
Industrial Automation
Rajesh Raushan
 
Office Automation System
university of education,Lahore
 
Introduction to automation ppt
Himani Harbola
 
automation slides,plc,scada,HMI
BOSCH
 
Ppt on automation
harshaa
 
Chapter 1 introduction to automation
Mohamad Sahiedan
 
INDUSTRIAL AUTOMATION USING PLC
Mehvish Mushtaq
 
Ad

Similar to Security Automation Approach #1: Workflow (20)

PPT
Log Management For e-Discovery, Database Monitoring and Other Unusual Uses
Anton Chuvakin
 
PDF
MongoDB World 2019: Securing Application Data from Day One
MongoDB
 
PDF
Microsoft Avanced Threat Analytics
Adeo Security
 
PPTX
If We Only Had the Time: How Security Teams Can Focus On What’s Important
Nathan Burke
 
PPTX
What your IT Doesn't Know about Publishing DITA Content
ctnitchie
 
PPTX
Blackhat 2018 - The New Pentest? Rise of the Compromise Assessment
Christopher Gerritz
 
PDF
The New Pentest? Rise of the Compromise Assessment
Infocyte
 
PPT
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
Start Pad
 
PPTX
Artificial Intelligence - Overview
Mithileysh Sathiyanarayanan
 
PDF
AI-Driven News & Article Data Scraping: A Deep Dive into Content Extraction
Web Screen Scraping
 
PDF
Sophisticated Attacks - Can We Really Detect Them _v1.2.pdf
Michael Gough
 
PPT
Beyond Automated Testing - RVAsec 2016
Andrew McNicol
 
PDF
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
Michael Gough
 
PDF
Getting started with Web Scraping in Python
Satwik Kansal
 
PPTX
Synopsis-Data_Leaks_Detection-046(2).pptx
kalsdoyipode
 
PDF
The Golden Rules - Detecting more with RSA Security Analytics
Demetrio Milea
 
PPTX
The Incremental Path to Observability
Emily Nakashima
 
PDF
Microsoft Advanced Threat Analytics - How it Works - Presented by Atidan
David J Rosenthal
 
PDF
(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...
Priyanka Aash
 
PDF
Can_We_Really_Detect_These_So_Called_Sophisticated_Attacks?
Michael Gough
 
Log Management For e-Discovery, Database Monitoring and Other Unusual Uses
Anton Chuvakin
 
MongoDB World 2019: Securing Application Data from Day One
MongoDB
 
Microsoft Avanced Threat Analytics
Adeo Security
 
If We Only Had the Time: How Security Teams Can Focus On What’s Important
Nathan Burke
 
What your IT Doesn't Know about Publishing DITA Content
ctnitchie
 
Blackhat 2018 - The New Pentest? Rise of the Compromise Assessment
Christopher Gerritz
 
The New Pentest? Rise of the Compromise Assessment
Infocyte
 
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
Start Pad
 
Artificial Intelligence - Overview
Mithileysh Sathiyanarayanan
 
AI-Driven News & Article Data Scraping: A Deep Dive into Content Extraction
Web Screen Scraping
 
Sophisticated Attacks - Can We Really Detect Them _v1.2.pdf
Michael Gough
 
Beyond Automated Testing - RVAsec 2016
Andrew McNicol
 
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
Michael Gough
 
Getting started with Web Scraping in Python
Satwik Kansal
 
Synopsis-Data_Leaks_Detection-046(2).pptx
kalsdoyipode
 
The Golden Rules - Detecting more with RSA Security Analytics
Demetrio Milea
 
The Incremental Path to Observability
Emily Nakashima
 
Microsoft Advanced Threat Analytics - How it Works - Presented by Atidan
David J Rosenthal
 
(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...
Priyanka Aash
 
Can_We_Really_Detect_These_So_Called_Sophisticated_Attacks?
Michael Gough
 
Ad

Recently uploaded (20)

PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Encapsulation theory and applications.pdf
gurumoop
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Cloud computing and distributed systems.
kkkkkhan
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 

Security Automation Approach #1: Workflow

  • 1. Intelligent Security Orchestration and Automation hexadite.com Let’s Automate - Workflow The workflow tool receives a phishing alert from a detection system.
  • 2. Intelligent Security Orchestration and Automation hexadite.com Let’s Automate - Workflow Workflow tool retrieves data to give more context to alerts. Data on entities such as: • URLs • Attachments • HTML email • Keywords
  • 3. Intelligent Security Orchestration and Automation hexadite.com Let’s Automate - Workflow Workflow tool opens and assigns a ticket to an analyst based on pre-set rules
  • 4. Intelligent Security Orchestration and Automation hexadite.com Let’s Automate - Workflow Ticket includes enriched alert data to assist in the manual investigation.
  • 5. Intelligent Security Orchestration and Automation hexadite.com Let’s Automate - Workflow The analyst manually investigates and remediates the threat. • Review email • Analyze attachments, URLs, keywords • Determine who received the email, where it might have been opened (Pivoting) • Manually remediate (ex. re-imaging a laptop , Deleting the email from the mailbox, blocking the sender?)
  • 6. Intelligent Security Orchestration and Automation hexadite.com Workflow What Time Review email 10 minutes Analyze attachments, URLs, and keywords 30 minutes Access the endpoint 1 hour Remediate 30 minutes TOTAL 2 hours and 10 minutes