Post on 20-Mar-2017
Intelligent Security Orchestration and Automation hexadite.com
Let’s Automate - Workflow
The workflow tool receives a phishing alert from a detection system.
The workflow tool retrieves data to give more context to alerts, such as data on these entities:
• URLs
• Attachments
• HTML email
• Keywords
The workflow tool opens a ticket and assigns it to an analyst based on pre-set rules.
Ticket includes enriched alert data to assist in the manual investigation.
The analyst manually investigates and remediates the threat:
• Review the email
• Analyze attachments, URLs, keywords
• Determine who received the email and where it might have been opened (pivoting)
• Manually remediate (e.g. re-imaging a laptop, deleting the email from the mailbox, blocking the sender?)
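The automated part of this workflow (receive the alert, enrich it with URLs, attachment hashes, the HTML body and keyword hits, then open a ticket and route it by pre-set rules so the analyst starts with context) as an added example in Python. This is not Hexadite's code and not part of the original slides; the alert format, the sample email, the keyword list and the routing rules are all assumptions constructed for illustration.

```python
"""Added example (not Hexadite's code): enrich a phishing alert and open a
routed ticket, mirroring the automated steps of the workflow above.
The alert format, sample email, keyword list and routing rules are assumed."""
import email
import hashlib
import re
from email import policy

# Constructed sample alert: a raw message as a mail gateway might hand it over.
RAW_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example-corp.co>
To: alice@example.com
Subject: Urgent: your password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/html; charset="utf-8"

<html><body><p>Please verify your account within 24 hours:
<a href="http://login.example-corp.co/reset?id=123">Reset password</a></p></body></html>
--XYZ
Content-Type: application/octet-stream; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--XYZ--
"""

SAMPLE_ALERT = {"id": "PH-0001", "source": "mail-gateway", "raw_email": RAW_EMAIL}

# Assumed keyword list; a real deployment tunes this per environment.
PHISH_KEYWORDS = ("urgent", "verify", "password", "expires", "account")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def enrich(alert):
    """Extract the entities the slides list: URLs, attachments, HTML email, keywords."""
    msg = email.message_from_string(alert["raw_email"], policy=policy.default)
    urls, html_body = set(), ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html_body = part.get_content()
            urls.update(URL_RE.findall(html_body))
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        attachments.append({
            "filename": part.get_filename(),
            "sha256": hashlib.sha256(data).hexdigest(),  # hashed, never opened, at this stage
            "size": len(data),
        })
    text = (str(msg["Subject"] or "") + " " + html_body).lower()
    keywords = sorted(k for k in PHISH_KEYWORDS if k in text)
    return {
        **alert,
        "sender": str(msg["From"]),
        "recipient": str(msg["To"]),
        "subject": str(msg["Subject"]),
        "urls": sorted(urls),
        "attachments": attachments,
        "html_email": html_body,
        "keywords": keywords,
    }


# Pre-set routing rules (assumed), evaluated in order; the first match wins.
ROUTING_RULES = [
    (lambda e: bool(e["attachments"]), "malware-analysis", "high"),
    (lambda e: bool(e["urls"]) and len(e["keywords"]) >= 2, "phishing-triage", "medium"),
    (lambda e: True, "tier1", "low"),
]


def assign(enriched):
    """Return (queue, severity) for the first routing rule that matches."""
    for predicate, queue, severity in ROUTING_RULES:
        if predicate(enriched):
            return queue, severity
    raise AssertionError("catch-all rule missing")


def open_ticket(enriched):
    """Open a ticket that carries the enriched data along for the manual investigation."""
    queue, severity = assign(enriched)
    return {
        "ticket_id": f"TKT-{enriched['id']}",
        "queue": queue,
        "severity": severity,
        "summary": f"Phishing: {enriched['subject']} (from {enriched['sender']})",
        "context": enriched,
    }


def run_workflow(alert):
    """The automated steps above: receive the alert, enrich, assign, ticket with context."""
    return open_ticket(enrich(alert))


if __name__ == "__main__":
    ticket = run_workflow(SAMPLE_ALERT)
    print(ticket["ticket_id"], ticket["queue"], ticket["severity"])
    for a in ticket["context"]["attachments"]:
        print("attachment", a["filename"], a["sha256"])
```

The routing rules are deliberately ordered by the cost of being wrong: anything with an attachment goes to malware analysis regardless of wording, URL-plus-keyword lures go to phishing triage, and the catch-all guarantees every alert lands in a queue rather than being silently dropped. Attachments are only hashed here so the enrichment step never detonates content on the orchestration host.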
Manual workflow timing (step: time)
Review email: 10 minutes
Analyze attachments, URLs, and keywords: 30 minutes
Access the endpoint: 1 hour
Remediate: 30 minutes
TOTAL: 2 hours and 10 minutes