Streamline Incident Response with USM Anywhere and Jira

The recent data breach at Equifax is the latest cautionary tale for what can happen when the response to a threat lags behind the initial detection. The vulnerability that ultimately led to the breach was correctly identified, but the delay in patching the affected systems created a window of opportunity for attackers to exploit it.

On this front, Equifax is not alone. According to the SANS 2017 Incident Response Survey, nearly half of the survey base reported that, on average, it takes more than 24 hours to contain a threat, and 82% reported a remediation time of one month or longer.

There are many factors that can slow down an incident response process. Commonly, IT and security reside in different parts of the organization and may use different systems to track and prioritize work. Having to work across multiple ticketing workflow systems that are complex to integrate, redundant, or siloed by product can slow down or introduce errors into an incident response process.

To help reduce time, complexity, and errors in kicking off incident response activities, we’ve brought AlienVault USM Anywhere closer together with Jira, a leading issue and project tracking software.

Today, we’re announcing our newest AlienApp for Jira, instantly available to all USM Anywhere customers. The AlienApp for Jira helps close the gap between threat detection and incident response activities.

With the AlienApp for Jira, you can open and track Jira issues directly from USM Anywhere, making it easy, fast, and efficient to monitor the lifecycle of your incident response activities, even across multiple security and IT teams. From any alarm, event, or vulnerability detected in USM Anywhere, you can create a new Jira issue that captures the relevant threat data needed for effective response, saving you time and effort. You can also automate the creation of new Jira issues in response to threats detected in USM Anywhere to further reduce the time between detection and resolution.

By combining USM Anywhere with Jira, one of the most widely-used tools for both IT service organizations and software development teams, you can streamline your incident response activities and effectively reduce the time to resolution for security incidents.

The Problem

Returning to the Equifax example, let’s look at a simplified scenario of how a vulnerability moves from identification to remediation in many organizations.

  1. A regular network scan (usually off hours) identifies a critical vulnerability.
  2. The next day (and sometimes later), a security analyst reviews the scan results and identifies which machines need patching.
  3. The security analyst logs into a separate IT ticketing system and manually enters all of the relevant information about the vulnerability.
  4. The ticket is added to a long queue of requests for the IT team.
  5. The security analyst continually checks the ticketing system (and/or badgers his or her IT colleagues) to see the status of the request.

Now, let’s look at the same scenario with USM Anywhere and Jira working in concert thanks to the AlienApp for Jira.

  1. A regular network scan (usually off hours) identifies a critical vulnerability.
  2. A USM Anywhere orchestration rule immediately responds to the new vulnerability by automatically creating an issue in Jira, including the relevant information about the vulnerability and the affected asset.
  3. The Jira issue is immediately triaged by the IT team and assigned.
  4. The security analyst arrives at work in the morning, checks USM Anywhere, and sees that the vulnerability has been identified and remediation steps have already begun.
  5. The security analyst can monitor the status of the remediation ticket directly from USM Anywhere; there is no need to log onto Jira to understand what is happening.

Easy to Configure

AlienApps are included with your USM Anywhere subscription, with nothing to download or install. Simply configure the app with your Jira instance name, username, and password with the proper permissions to create Jira issues.

Respond to Alarms and Vulnerabilities

Once configured, you can easily open Jira issues in response to USM Anywhere alarms. As an example, here is an alarm for a ransomware infection.

Clicking the “Select Action” button presents a range of options to respond to this alarm.

After clicking the Jira option, you can easily create a related Jira issue. The Summary will be automatically filled in with the details of the alarm or vulnerability, and the Description will include some basic asset information. Both of these fields can be modified as needed. You can also select the appropriate Jira project and issue type to properly route the request.

As I previously mentioned, you can also automate this process for certain types of alarms or vulnerabilities by creating an orchestration rule. For example, if you always create remediation tickets for critical vulnerabilities, it makes sense to fully automate that step to further optimize your time to response.

Whichever approach you use to create Jira issues from USM Anywhere, you can monitor the status of the issues directly from the Issues tab of the app.

Conclusion

Given the ever-increasing volume of threats facing resource-constrained security teams, the ability to optimize response activities by removing manual steps with automation becomes paramount. USM Anywhere simplifies and streamlines incident response by seamlessly integrating with market-leading ticketing systems like Jira and ServiceNow, helping you to reduce your time to response and closing the window of opportunity for attackers.

Try It for Yourself

The AlienApp for Jira is included for all USM Anywhere customers at no extra charge and joins a growing family of AlienApps that includes Microsoft Office 365, Google G Suite, Cisco Umbrella, Carbon Black, and others.

Check out our Interactive Online Demo now (no download or installation required) to see how AlienApps like the AlienApp for Jira can help your organization work more efficiently to reduce the time between threat detection and response.

 

      

Article Link: http://feeds.feedblitz.com/~/473471728/0/alienvault-blogs~Streamline-Incident-Response-with-USM-Anywhere-and-Jira