In the world of Threat Management, speed is often the enemy of thoroughness. Security teams are stretched thin, acting as “human APIs” by manually moving data between spreadsheets, ticketing systems, and threat dashboards.
Today, we’re thrilled to announce the launch of Threat Automations, a powerful new addition to the Cybersecurity platform designed to turn threat intelligence into fast, measurable action and connect the tools and platforms you depend on.
Move beyond static monitoring
Threat awareness is only half the battle. The next challenge is taking action. The moment a vendor’s rating drops or a vulnerability surfaces, the remediation race is on. Yet most teams find themselves stuck at the starting line. Before a fix can help, an analyst must manually triage the alert, open a ticket, and notify the right stakeholders.
Threat Automations eliminates this manual overhead. By connecting Cybersecurity directly to the tools you use every day, you can build automated workflows that identify, notify, and resolve risks 24/7 — no more triage bottlenecks.
Here is an example workflow triggered by a vendor’s security rating dropping below a specified threshold.
Example Jira ticket creation workflow in Cybersecurity Threat Automations.
How it works:
Trigger: The workflow listens for a Vendor Rating Drop event (e.g., falling below 600).
Data Retrieval: It immediately queries Cybersecurity data to fetch the vendor’s complete threat profile, including historical scores and category breakdowns.
AI Analysis: The data is passed to your authorized AI instance, ensuring its secure handling. Acting as a security analyst, the AI triages the data, pinpoints exactly what caused the drop, and highlights new high-severity risks.
Action: A Jira task is created in your backlog. The description is pre-populated with the AI’s bulleted summary, ready for assignment. If you use a different ticketing platform, simply swap out the Jira node for Zendesk, Asana, or whatever tool your team uses.
100+ native integrations
Threat Automations syncs natively with over 100 common tools:
IT Service Management: ServiceNow, Jira, Freshservice, Zendesk, HaloPSA
Communication: Slack, Microsoft Teams, Mattermost, Email
Cloud and infrastructure: AWS (All), Microsoft Azure, Google Cloud, Cloudflare
SIEM and observability: Splunk, Datadog, DynaTrace, Elastic
Security and identity: CrowdStrike, Okta, Zscaler, Carbon Black, Rapid7 InsightVM
For bespoke tools, use our universal API connector to bridge them directly into your Cybersecurity Threat Automations workflows.
If it has an API, you can automate it.
Get fast value with pre-built templates
You shouldn’t need to be a developer to automate your security program. Threat Automations comes equipped with a library of vetted, no-code templates designed to solve the most common headaches.
Common automation templates include:
Vendor threat triage: Automatically triage new risks as they’re discovered, creating a ticket complete with remediation steps.
Vendor rating drop triage: When a vendor rating drops below a threshold, triage the vendor, trigger a notification, and create a ticket complete with recommended actions.
Real-time threat routing: When a critical breach is identified in Breach Threat, automatically push the intelligence to a dedicated Slack channel or create an incident ticket for your SOC team.
Dynamic remediation: Move from “found” to “resolved” immediately. Automatically trigger system-level actions, like password resets for compromised credentials.
Here is an example workflow template for immediately resetting account credentials through Microsoft Entra ID (formerly Azure AD) the moment Cybersecurity detects a user’s password has been exposed in a third-party breach.
Example credential breach response workflow template in Cybersecurity Threat Automations.
How it works:
Trigger: The workflow listens for “Identity Breach” or “Email Exposure” events from Cybersecurity.
Smart Filter: It analyzes the breach data. The automation proceeds only if the compromised data includes Passwords. If only email addresses were exposed, the workflow stops to prevent unnecessary lockouts.
Remediation: The affected user account is set to Enabled: False in Microsoft Entra ID, immediately revoking access.
Notification:
  Management: An AI-generated summary of the breach context is sent to a management channel in Microsoft Teams.
  Support: A specific alert is sent to your IT Support channel identifying the locked user, prompting them to facilitate a manual password reset.
AI-driven precision
You don’t need more noise; you need contextualized insights. Threat Automations ensures only high-priority insights requiring immediate attention are delivered to decision-makers. But instead of everyone receiving the same generic, highly technical threat overview, each message is automatically crafted for its specific audience. No more time wasted on interpretation; immediately understand the situation and your exact next steps.
Example of an automated threat report generation workflow within Cybersecurity Threat Automations.
Keeping the human-in-the-loop
The automation workflow doesn’t end with a high-fidelity alert. After a threat is identified, resolve it immediately with automated, system-level triggers, including password resets, firewall updates, and blocking malicious IPs. By resolving issues at the source, you can automate the entire cyber threat lifecycle, reducing time-to-resolution from days to just seconds.
For critical issues, Threat Automations offers human-in-the-loop checkpoints, giving you the opportunity to granularly control actions without worrying about manual handoffs.
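
The credential breach response workflow described earlier, with a human-in-the-loop checkpoint placed in front of the lockout, sketched as an added example (not Cybersecurity's own code). The event field names, channel names and approval list are assumptions; the Microsoft Graph request that sets accountEnabled to false is built but never sent.

```python
from urllib.parse import quote

TRIGGER_EVENTS = {"Identity Breach", "Email Exposure"}  # event names from the page
GRAPH_USERS = "https://graph.microsoft.com/v1.0/users/"

def plan_response(event, needs_approval=frozenset()):
    """Return the ordered steps for one breach event; nothing is sent."""
    if event.get("type") not in TRIGGER_EVENTS:
        return []
    # Smart filter: stop unless passwords are among the exposed data classes.
    exposed = {item.strip().lower() for item in event.get("exposed_data", [])}
    if "passwords" not in exposed:
        return []  # email-only exposure: no lockout
    user = event["user_principal_name"]
    steps = [
        # Remediation: Microsoft Graph update-user call that disables sign-in.
        {"step": "disable_account", "method": "PATCH",
         "url": GRAPH_USERS + quote(user, safe="@"),
         "body": '{"accountEnabled": false}'},
        # Stand-in text; the page's workflow sends an AI-generated summary here.
        {"step": "notify", "channel": "management",
         "text": f"Credentials for {user} exposed in {event['breach']}."},
        {"step": "notify", "channel": "it-support",
         "text": f"{user} is locked; arrange a manual password reset."},
    ]
    if user.lower() in needs_approval:
        # Human-in-the-loop checkpoint: hold every step until approved.
        return [{"step": "await_approval", "pending": steps}]
    return steps

# Constructed sample events (field names are assumptions, not the product schema).
SAMPLE_EVENTS = [
    {"type": "Identity Breach", "breach": "constructed-breach-a",
     "user_principal_name": "alice@example.com",
     "exposed_data": ["Email addresses", "Passwords"]},
    {"type": "Email Exposure", "breach": "constructed-breach-b",
     "user_principal_name": "bob@example.com",
     "exposed_data": ["Email addresses"]},
    {"type": "Identity Breach", "breach": "constructed-breach-c",
     "user_principal_name": "admin@example.com",
     "exposed_data": ["Passwords"]},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        plan = plan_response(ev, needs_approval={"admin@example.com"})
        print(ev["user_principal_name"], [s["step"] for s in plan])
```
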
Quantify your efficiency
Gain instant visibility into the health and impact of your workflows with a centralized view. Monitor execution status in real time to quickly identify and resolve failed automations, while quantifying the exact time saved for each task. Then, use this data to demonstrate the efficiency and scalability of your threat remediation strategy to stakeholders and auditors.
Threat Automations dashboard simplifying monitoring of all key automation performance metrics.
Ready to automate your threat process?
Threat Automations is available now. Ready to transform your manual workflows into an intelligent resolution engine?
Build your first Threat Automation.
