Home / Companies / Tines / Blog / March 2022

March 2022 Summaries

10 posts from Tines

Filter
Month: Year:
Post Summaries Back to Blog
A recent survey from Tines revealed that security analysts are frustrated by the amount of time spent on manual tasks such as reporting, monitoring, and detection, which detracts from their ability to focus on analysis, the core of their role. These repetitive and tedious tasks, which analysts favor the least, could be automated to allow them to engage in more strategic, high-impact work. The survey identified risk assessments, intelligence analysis, threat hunting, email phishing response, advanced triage, attack surface management, and vulnerability management as the top tasks analysts would prioritize for automation. By implementing no-code automation tools, security teams can enhance their efficiency and engagement, ultimately benefiting their organizations.
Mar 31, 2022 595 words in the original blog post.
"The Future of Security Operations" is a newly launched podcast that aims to explore the role of automation in enhancing security operations teams, particularly those without extensive programming skills. Hosted by a former DocuSign security team leader, the podcast will feature bi-weekly episodes with experts like MongoDB’s CISO Lena Smart. It seeks to address the common challenges faced by SecOps teams, which often spend a significant portion of their time on repetitive manual tasks, leading to burnout and decreased productivity. The podcast will highlight the potential of no-code automation as a transformative tool for security operations, offering insights, best practices, and actionable strategies from leaders who have successfully adopted automation in their teams. Listeners can expect to hear discussions about overcoming barriers to strategic security work and gaining practical knowledge to apply within their own teams, with episodes available on platforms like Apple Podcasts and Spotify.
Mar 28, 2022 411 words in the original blog post.
The blog post is a continuation of a series on using chatbots with Microsoft Teams, focusing on recent updates to the Tines platform and its integration with Microsoft Teams for enhanced automation. It outlines the process of setting up a chatbot in Microsoft Teams, creating a Microsoft application for authentication, and utilizing the updated client credentials flow in Tines to authenticate the chatbot. The post describes building an automation Story that uses alerts from Microsoft Sentinel to create JIRA tickets and notify security analysts via Teams. It also provides detailed instructions for setting up resources and credentials in Tines, fetching a team roster, and sending adaptive cards to specific users in Teams. Additionally, the post highlights the flexibility of integrating with various SIEMs, case management tools, and third-party services like Urlscan or VirusTotal to enrich the automation workflows.
Mar 24, 2022 1,783 words in the original blog post.
A recent survey of 468 full-time security analysts, conducted for the "Voice of the SOC Analyst" report, reveals that a significant portion of analysts are experiencing burnout and are considering job changes, indicating dissatisfaction with their current work conditions. Key challenges identified include understaffing, excessive time spent on manual tasks, lack of visibility into their work environment, poor processes, and an overwhelming number of alerts, all of which hinder productivity and contribute to disengagement. Additional issues such as leadership challenges, inadequate training, compliance difficulties, and outdated tools further exacerbate the situation, preventing analysts from performing optimally and increasing the risk of turnover. The report suggests that addressing these challenges by listening to and supporting security teams is crucial to enhancing their work experience and effectiveness.
Mar 21, 2022 756 words in the original blog post.
A Chief Information Security Officer (CISO) at a restaurant chain is focused on several key areas to enhance cybersecurity, including securing third-party access, improving customer identity and access management, advancing security awareness training, and investing in software assurance. The CISO has had to adjust their plans due to an increase in attacks on call centers, prompting a reevaluation of how secure access is provided to third parties. They aim to integrate employee and customer identity management into a single platform, a departure from traditional separate handling, especially significant for retail and digital consumer sectors. Security awareness training is being revamped to include role-based training and virtual simulations, while software assurance efforts are focused on screening for vulnerabilities in both developed and acquired software, including open-source packages. Additionally, there's a push to improve situational awareness and response, particularly regarding IoT devices in restaurants, as these devices become increasingly interconnected and integrated into the network, posing potential security risks. The CISO notes that strategic cybersecurity roadmaps have been disrupted since 2019 due to COVID-19, with ongoing uncertainty about prioritization among peers.
Mar 15, 2022 808 words in the original blog post.
SOC analysts are considering job switches due to understaffing and the cybersecurity industry's staffing shortages, with 63% likely to change jobs within a year. To retain their talent, organizations should focus on automating tedious tasks, providing modern tools with advanced capabilities, hiring additional staff, offering regular training, and consulting security teams on software purchases and upgrades. Analysts are frustrated with manual tasks, outdated tools, and being overworked, and they seek more engaging roles, improved resources, and involvement in decision-making processes. By addressing these areas, SOC leaders can enhance retention, improve workflows, and ensure a more engaged and satisfied team.
Mar 10, 2022 612 words in the original blog post.
As cyber threats become increasingly complex, security teams often struggle with multiple workflows across various tools, which is where the integration of Humio and Tines proves beneficial. Humio, a modern log aggregation, storage, and analysis tool, provides real-time visibility into log data, helping organizations identify and address security threats. Tines complements this by automating responses to alerts generated by Humio, significantly reducing response times and preventing potential breaches. Together, they enable organizations to automate actions based on cross-data event correlations, improving security focus and efficiency. In a practical application, Tines can query CrowdStrike for alerts, transform these into events, and filter out false positives before enriching the data and checking for prior occurrences in Humio. This automation extends to incident management systems like ServiceNow and ensures that alerts are stored for future reference. The combination of Humio's scalability and Tines' flexibility allows security teams to shift from reactive to proactive defenses, bolstering their overall security posture.
Mar 07, 2022 601 words in the original blog post.
Tines maintains a modern approach to work by offering optional remote engineering positions with flexible hours, while still providing access to office space and high-quality home office equipment. The team regularly meets in person to strengthen their culture and product, balancing work with social interaction. A typical day involves remote work that starts with checking Slack and email for updates and engaging in self-education. The day includes reviewing and providing feedback on GitHub pull requests, handling on-call duties, and collaborating with team members through daily sync calls and pair programming sessions. The afternoon is dedicated to working on tasks like implementing new features and addressing bugs, with an emphasis on small, manageable changes for efficiency. Regular breaks are taken to avoid prolonged sitting, and the day concludes with pushing changes and preparing for the next day. The company promotes a collaborative and agile work environment, encouraging continuous improvement and team engagement.
Mar 04, 2022 1,368 words in the original blog post.
Security teams face significant challenges due to understaffing, low budgets, and an overwhelming number of repetitive manual tasks, which prevent them from focusing on higher-impact projects that enhance organizational security. This issue, observed over fifteen years of experience in incident response and leading security teams, leads to analyst burnout and costly human errors. To better understand the current state of Security Operations Center (SOC) analysts, a survey titled "Voice of the SOC Analyst" was conducted, revealing that despite their passion and engagement, analysts are hindered by inefficient processes and excessive alerts. The project aims to help security leaders streamline processes, reduce burnout, increase retention, and improve work environments for analysts, utilizing the findings to navigate through 2022 effectively.
Mar 03, 2022 282 words in the original blog post.
APIs are crucial for building integrations and enabling technology scalability, particularly in industries like cybersecurity, where an API-first approach is becoming increasingly important. Although many assume that larger software companies have superior APIs, success in this area is more about maintaining updated protocols and effective documentation, rather than size or reputation. Common API issues include inadequate documentation, lack of standardization, poor accessibility, and insufficient flexibility, which can frustrate both developers and non-technical users. The best APIs are those that facilitate seamless feature integration, data collection, and technology automation, with companies like Stripe and Twilio setting high standards. Tines emphasizes the importance of using a modular tech stack and robust APIs for digital transformation, recommending HTTP-based interoperability standards for efficient tool integration without unnecessary human intervention.
Mar 02, 2022 982 words in the original blog post.