Free community edition

Request a demo

Security Operations Is a Team Sport…(At Least If You Want to Win)

Back to all articles

security operations team sport 2

Whether you work in a SOC, a security team, an incident response team, or as a one-person team, the chances are your day to day operations are performed in a bit of a silo.

Although security operations have emerged from the shadows more recently and has become a more integrated part of many large enterprises, the pace at which most security operations teams must work on a daily basis often requires a head down approach, working with other teams only when needed. This can place many security operations teams at a significant disadvantage when a large event takes place and external teams must be quickly and seamlessly brought into the fold.

As a former incident response consultant, I have seen how effective an organization can be during an incident when all security operations teams are working as a single, unified group, as well as the chaos that can ensue when different teams in the organization work in isolation. Having the right tools and people in place are critical components for a successful incident response program. However, even with all the right tools and people in place, organizations cannot effectively and efficiently respond to a security incident without two absolute requirements; planning and communication.

Requirements For an Effective Incident Response

  • Planning

In the context of a coordinated team response, planning involves knowing who to contact and when. While this may seem an obvious and simple task, during a large-scale incident, it can be anything but. If someone on the security operations team needs to contact someone from development, human resources, legal or corporate communications off-hours, do they know who to contact and how? Spending time figuring this out while in the midst of a security incident delays the security operations team access to the resources they need and wastes valuable team resources on a task which should be immediate and effortless.

  • Communication

Efficient communication is an essential component of a successful response to any security incident. While this may be a simple process during a smaller security incident, it becomes exponentially more difficult as the incident grows in size and complexity. Communication cannot end once teams have been notified; incidents are constantly evolving, goals and objectives will change, and all teams must be constantly updated with the latest information. In many cases, communication must also extend beyond those directly involved in responding to the security incident. In some cases, it may be necessary to notify those who may be impacted by the incident and to keep them updated as well.

DFLabs & PagerDuty: Ensuring the Most Effective Incident Response

PagerDuty has long been recognized as a leader in the IT monitoring and notification space, and their experience in this space has made them the perfect solution to these security operations challenges. With PagerDuty, organizations can easily manage their on-call scheduling, event notification, and escalation policies. When combined with the automation and orchestration power of DFLabs’ SOAR solution, IncMan SOAR, PagerDuty allows the right assets to be instantly notified of any event automatically and is constantly updated as the incident evolves to ensure the most effective and efficient response possible.

If your organization wants to win, you can find out more about being a team player in our upcoming webinar, "Unify Operations for Effective Incident Response: DFLabs and PagerDuty Use Case” being held on May 15, 2019 at 11am ET / 4pm BST. Learn about the DFLabs and PagerDuty integration and how together they can combine business communications to improve incident response efforts, hosted by myself and guest presenter George Miranda, Community Advocate from PagerDuty.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request a demo