How to Operationalize Threat Response from Chat Using InsightConnect


Today, more and more security teams are relying on chat and collaboration tools like Slack and Microsoft Teams to communicate quickly and effectively as they work to keep their organizations secure.


Day in and day out, security analysts are checking messages using the applications on their workstations and even their cell phones to communicate about the latest threats, alerts, and machines that need to be patched. And while communication among teams is improving, the challenges faced as a result of too many disparate tools firing too many alerts persist. Alert and console fatigue are real, and this all too familiar combination is making security teams less effective by reducing focus and increasing the time it takes to respond to threats.

With InsightConnect, Rapid7’s security orchestration and automation (SOAR) tool, you can take action against alerts, threats, and vulnerable hosts directly from your existing communication tools, increasing visibility and saving time so you can accomplish more and focus on what matters.


Early security operations from chat


In 2011, I was a security engineer in a forward-thinking research environment that instituted chat operations as a way to respond to events occurring on the network. This was a time before the term SOAR was coined. It was also a time before modern chat tools like Slack and Microsoft Teams took hold.


We used an encrypted internal IRC server that we hosted ourselves and wrote custom API services and chatbot code to integrate with our tools. I remember working with a coworker on a RESTful-based API for Nagios so we could schedule host downtime from chat. We also built an API service for our Black Hole Router, which allowed us to block hosts that we ..
