- Security analysts manually chase and research 11,000 alerts per day.
- 77% percent of decision-makers state manually researching these alerts negatively impacts their organizations’ ability to mitigate and prevent attacks.
- Automation and AI remove manual efforts to focus on higher severity alerts and threats.
Forrester states the average SOC receives over 11,000 alerts a day. Many of these alerts are read, researched, and prioritized manually. These manual efforts consume a lot of time and significantly constrain incident management and response processes. In the same Forrester report, 77% percent of decision-makers state manually researching these alerts negatively impacts their organizations’ ability to mitigate and prevent attacks.
Given the vast number of applications and systems and few security analysts, alert overload is inevitable. Enterprises need more automated processes to remove false positives, enrich threat data, and prioritize to keep up with the thousands of alerts.
How to Fully Automate Chef Compliance Incidents with Intelligent Automation
True intelligent automation is integrating people and systems into repeatable and scalable processes. If you can model your incident management processes across people and systems, you can identify bottlenecks and optimize based on the constraints. However, many times, too many digital processes are forced upon users, and they become overwhelmed. They are left to figure out which system performs which function or reading data from one system only to input it into a second. Enterprises need to automate processes like this to remove manual interaction and free analysts to perform higher-value work.
Demonstration: Incident Management Automation
The following demonstration automates incident management across several people and systems. The workflow is very similar to those happening in your enterprise and may not follow this exact flow or use these systems.
Here are the significant steps in the demonstration:
- Chef Automate receives alerts from Chef’s products when they are out of compliance. Out of compliance could be a patch on the operating system, firewall ports or turning servers services on and off
- The Chef Automate dashboard runs a scan to check for compliance.
- Chef creates an incident that is then sent to ServiceNow (integrated with Chef Automate) for remediation.
- Krista reads the ServiceNow incident and begins coordinating with various people and systems.
- Krista then automatically creates a JIRA ticket and notifies DevOps.
- DevOps then reviews, categorizes, and picks a recipe to apply to it. In this particular incident, we find that a Windows 10 node is out of compliance. The Chef recipe informs Windows to stop and disable the print schooler.
- As the work progresses, Krista updates all of the relevant systems and people in the workflow. Should you need to perform an unscheduled reboot, she will escalate the incident to the manager. The manager reviews and approves the SNOW incident.
- Finally, the JIRA ticket is updated with the details after informing the relevant stakeholders in the organization.
So, what did we see?
This process shifted the responsibility from manual human labor to a machine. The process is the same but can operate at machine speed and frees an analyst to perform more critical work. But the key takeaway is incident categorization, where you categorize incidents and save the decisions/conversations in classes/categories. Once you have the structure, you can add new knowledge or re-use existing decisions to solve compliance issues. These automated workflows will help improve quality, increase productivity and reduce the overall IT workload.