Automation Design & Implementation

Automation is a complex undertaking. We understand where organizations struggle to find better ways to build automation and intelligence into the DNA of the organization, its programs, and its capabilities.

According to our survey of security leaders, organizations have observed the following challenges with automation:

  • 83% are not satisfied with the overall performance of their automation solution

  • 75% are not satisfied with the availability of professional services to support implementation and/or maintenance of their automation solution

  • 75% are not satisfied with the ease of use of their automation solution

TalonX has built out a diverse, multidisciplinary team to help organizations better combat threats by targeting these pain points with our automation methodology:

LAYING THE FOUNDATION

1. Identify Cyber Threats, Risks, & Tools Required

  • Identify and satisfy required cyber tool needs aligned with risk, threat, and automation requirements.

Example activities:

  • Define key cyber threats and use cases that should be addressed by cybersecurity technology

  • Assess functionality available in candidate tools and procure

LAYING THE FOUNDATION

2. Standardize and Centralize Cybersecurity Data

  • Unify data format, structure, and content across technology types (e.g., all firewall log data should look the same, regardless of vendor)

  • Centralize data in one system of record

Example activities:

  • Deploy a data pre-processing layer to the security monitoring stack (i.e. parse and rename data fields)

  • Develop SIEM use cases to analyze and report on cybersecurity data
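A small illustration of the pre-processing layer described above, added here as an example and not TalonX's own code: log lines from two constructed, hypothetical firewall formats (a key=value syslog style and a pipe-delimited style) are parsed and renamed into one unified schema, so that a single SIEM-style use case can run over the data regardless of vendor.

```python
import re
from collections import Counter

# Constructed sample logs from two hypothetical firewall vendors (not real products).
# "Vendor A" writes key=value syslog; "Vendor B" writes pipe-delimited records.
VENDOR_A_LOGS = [
    "action=deny src=10.0.0.5 dst=203.0.113.9 dport=445 proto=tcp",
    "action=deny src=10.0.0.5 dst=203.0.113.9 dport=3389 proto=tcp",
    "action=allow src=10.0.0.7 dst=198.51.100.2 dport=443 proto=tcp",
]
VENDOR_B_LOGS = [
    "BLOCK|10.0.0.5|203.0.113.9|22|TCP",
    "PASS|10.0.0.8|198.51.100.4|80|TCP",
]

# Unified schema that every firewall event is mapped into, whatever the source vendor.
FIELDS = frozenset({"action", "src_ip", "dst_ip", "dst_port", "protocol", "vendor"})
# Vendor-specific action vocabularies collapse to two canonical values.
ACTION_MAP = {"deny": "deny", "block": "deny", "allow": "allow", "pass": "allow"}

def parse_vendor_a(line):
    """Parse a key=value line into the unified schema."""
    kv = dict(re.findall(r"(\w+)=(\S+)", line))
    return {"action": ACTION_MAP[kv["action"].lower()], "src_ip": kv["src"],
            "dst_ip": kv["dst"], "dst_port": int(kv["dport"]),
            "protocol": kv["proto"].lower(), "vendor": "A"}

def parse_vendor_b(line):
    """Parse a pipe-delimited record into the unified schema."""
    action, src, dst, port, proto = line.split("|")
    return {"action": ACTION_MAP[action.lower()], "src_ip": src, "dst_ip": dst,
            "dst_port": int(port), "protocol": proto.lower(), "vendor": "B"}

def normalize(lines_by_vendor):
    """Run each vendor's parser and reject any event that deviates from the schema."""
    parsers = {"A": parse_vendor_a, "B": parse_vendor_b}
    events = []
    for vendor, lines in lines_by_vendor.items():
        for line in lines:
            event = parsers[vendor](line)
            if set(event) != FIELDS:
                raise ValueError(f"parser for vendor {vendor} broke the unified schema")
            events.append(event)
    return events

def repeatedly_denied_sources(events, threshold=3):
    """SIEM-style use case over unified data: sources denied at least `threshold` times."""
    counts = Counter(e["src_ip"] for e in events if e["action"] == "deny")
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

Because both parsers emit the same field names and canonical action values, the use case counts the denies for 10.0.0.5 across both vendors without any vendor-specific logic.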

AUTOMATING & OPTIMIZING

3. Augment Processes with Orchestration and Data Enrichment

  • Deploy initial automation capability to correlate data and orchestrate analysis and investigation activities

  • Augment SIEM use cases with near-real-time data enrichment available via direct API calls to cyber tools

  • Automate workflows to streamline interactions and handoffs

Example activities:

  • Begin deploying automation (e.g., SOAR) tools and custom scripts

  • Connect SIEM directly to cyber and workflow management tools via SOAR

AUTOMATING & OPTIMIZING

4. Achieve Fully Automated Capability

  • Deploy complex correlation using cyber threat intelligence, vulnerability, and on-demand analytical data (e.g., malware analysis with Cuckoo and VirusTotal)

  • Integrate non-security data to enable identification of complex behavior patterns (e.g., database usage, account and privilege usage, etc.)

  • Empower automated workflows to perform response actions for high-confidence detections of malicious activity

Example activities:

  • Integrate external sources of threat intelligence and security data, and enhance workflows to fully utilize them

  • Develop and deploy automated response capabilities (e.g., reset an account in Active Directory)

TalonX is developing a SaaS cybersecurity product, currently in stealth. If you are interested in learning more or joining the team, contact us here: