20 Jul Reap the Payoffs of Successful IR Automation
Do you remember when Salesforce.com came out?
While CRM (customer relationship management) was hardly a new concept, users across the organization loved it for its ease of use, visibility it provided, and the boost of speed its workflows delivered. An enterprise could easily get behind it because users actually used it; the increased data and reporting provided its own benefits!
Choosing a successful Incident Response solution is a bit like looking for Salesforce.com before it became ubiquitous. So inspired by this vintage business case for Salesforce.com, here are a few payoffs you should be looking for as you begin your move to successfully automating incident response.
Business Payoff #1: Work on the Right Stuff
One of the biggest reasons Salesforce.com climbed to prominence is that it helped ensure the sales reps were chasing the best prospects and working on the most profitable deals. Incident response (IR) triage requires the same business result. Speeding up the rate at which incidents are closed won’t necessarily improve your enterprise security posture. Particularly, if you mistakenly call a breach a false positive. Implementing any level of incident response automation must begin with synchronizing people, process, and tools so that your IR team is working on the right alerts. And time spent on the right alerts positively impacts your security posture – whether prevention, detection or resolution.
Business Payoff #2: Better visibility and control
While a 360-degree view of the customer might be overselling any CRM’s capabilities, Salesforce.com provided much needed real-time access to information for users from all areas of the company. Whether workflows were configured to help more successfully manage by exception, or approval cycles configured to keep decision-makers in the loop, its features and functionality helped enterprises of varying sizes and complexity gain better visibility and control over their sales processes. You deserve no less visibility and control for your IR processes. Workflows can help ensure that standard processes are followed for optimal results, and logging as the system of record can ensure compliance.
Business Payoff #3: Less waste
Time and resources spent on unproductive endeavors can sink any enterprise – sales or security. Salesforce.com reports help to cut down the amount of time and resources wasted chasing low-probability, low-yield deals. Security operations analysis and reporting gleaned from an IR platform should help to ensure continuous improvement while reducing wasted efforts. By implementing workflows to address repetitive and routine low-value activities, and ensure triage activities are routed appropriately based on skill and role ensures less wasted talent and greater impact on the business.
Business Payoff #4: Business agility, competitive responsiveness
Agility comes from being able to identify and adapt to the unexpected. The business case I linked to made a point of calling out “system which is very extensible (modular, flexible, with lots of available add-ons) will be essential to your company’s responsiveness over time.” Similarly IR platforms must enhance your responsiveness over time, while still providing immediate value wherever your starting point is today for automating IR.
Business Payoff #5: Make a pricey business process more reliable
Finally, the highest paid people in the company are often salespeople. This makes CRM investment an imperative. Similarly, while Incident Responders may not come with the high-ticket cost of a top-notch sales professional, the shortage of trained talent and the potentially bankrupting effect of a breach certainly makes reliability this a real concern. Securing the enterprise certainly merits more than the “guts and guesswork” that the article characterizes any company not running CRM. Unfortunately, many security operation centers still run on an abundance of manual processes underpinned by guts and guesswork. Moving towards synchronized incident response enabled by an automated IR platform ensures better, more predictable cybersecurity outcomes.
Talk to us to learn more.