SlackAsk
Huge update to XSOAR Slackv3
In August of 2022, after consulting with the SecOps team at Code42, XSOAR released a vital update to the Slack content pack that enables simple block configuration and allows users to select and send data back into XSOAR.
Release Notes - August 29, 2022 SlackBlockBuilder
This development is driving automated workflows that perform empathetic investigations within Code42, and we hope to release new playbooks as part of the Code42 Incydr/Instructor content pack before the end of FY2022!
Palo Alto Networks Symphony - May 2022
Laura, Zach, and their colleagues at Code42 are a small security team in a growing company, and we need the ability to scale our incident handling without necessarily growing our team. For this reason, our SOAR platform, Palo Alto XSOAR, is a vital part of the security ecosystem.
In addition to accelerating detection through indicator identification and enrichment, we've identified an opportunity to use XSOAR to enable Empathetic Investigations in the cyber security space. This concept was pioneered by Insider Risk Management experts within Code42, and the Security Operations team is using their findings and strategies to perform the same kind of investigations with many other security events, not just insider risk events.
In service of this, we are leveraging the Slack integration to facilitate communication with employees within the company when security boundaries are crossed. By sending a friendly robot rather than an analyst, we are:
reducing social pressure to respond to important, but not critical, security events
creating greater awareness for our employees when they enter into privileged access space or interact with protected systems and data
using analyst time efficiently by involving them in only unexpected security events
There is much more to say about "how to train your incident handling robots", but this presentation focused on how XSOAR and the Slack integration have been applied to performing Empathetic Investigations in our SOC.