Threat Detection and Incident Response Orchestration Systems

by Karine Margaryan, Feb 23, 2017


Recently OpsGenie hosted a joint webinar with Signal Sciences, in which Berkay Mollamustafaoglu, OpsGenie Co-Founder and CEO, and Zane Lackey, Founder/CSO of Signal Sciences Corp, discussed how to secure your web applications using OpsGenie and Signal Sciences.

Watch the webinar now!

It is possible to win the war against cyber attacks by combining incident response orchestration with threat detection systems, i.e. by integrating OpsGenie with Signal Sciences. Detecting cyber threats and alerting on them is not enough; it is imperative to have an alert classification system, so that you understand which alerts are worth acting on and the appropriate people are involved in the incident resolution process.

Threat detection is not only important for Security Operations, but also for Development, System Administration and all other departments within an organization that need to solve performance or security issues and respond to them as fast as possible. Resolving an anomalous event usually requires multiple participants, and how quickly it is resolved depends on the content of the incident.

Fighting Alert Fatigue

Security issues were blockers not that long ago. Signal Sciences' goal was to give teams security visibility across the entire organization and enable everyone to understand security data and issues. With the OpsGenie and Signal Sciences integration, it becomes possible not only to understand security alerts, but also to classify them with severity levels without digging through thousands of log messages to sort the false positives from the real alerts.

Not all alerts are urgent and require a response; some are just warnings or informational. OpsGenie lets you classify alerts effectively using different tags, differentiating critical or urgent alerts from those that have only a minor impact on your IT infrastructure.

With the OpsGenie and Signal Sciences integration you can define response criteria for your security alerts. Do you need to notify people immediately? Whom do you notify, when, and in which order? If you try to respond to all alerts the same way, you will certainly miss many of the more crucial ones.

With OpsGenie you can respond to alerts in real time based on their content and urgency level, without having to mine the relevant data from the logs.

How Signal Sciences and OpsGenie work together

Not all alerts reported are major incidents. With this integration you can configure Signal Sciences alerts in OpsGenie so that when Signal Sciences detects an anomaly in your system, an informative alert is sent from Signal Sciences to OpsGenie explaining the nature of the alert. How urgently the alert needs a response depends on its state, i.e. on the escalation policies, on-call schedules and severity tags you defined within OpsGenie. Based on these, you can acknowledge, close or respond to an alert as needed.
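To make the classification and escalation idea concrete, here is a small triage model written for this article as an added example. It is not OpsGenie's or Signal Sciences' code and calls neither product's API; the tag names, priority levels, team names and escalation timings are all assumptions chosen for illustration, and the alerts fed to it are constructed inline. It shows the three decisions the text describes: derive a severity from the detector's tags, decide whether anyone is paged immediately, and work out who an unacknowledged alert has reached under a time-based escalation policy.

```python
"""Minimal alert-triage model (added example, not OpsGenie's or Signal
Sciences' code). The tags, priorities, teams and timings below are
hypothetical; nothing here talks to either product's real API."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Hypothetical severity ranking: a lower number means more urgent.
PRIORITY_RANK = {"P1": 1, "P2": 2, "P3": 3, "P5": 5}

# Hypothetical rules mapping a detector tag to (priority, owning team).
TAG_RULES = {
    "attack-blocked":  ("P3", "appsec"),    # detector already blocked it
    "attack-flagged":  ("P1", "appsec"),    # traffic got through; needs eyes
    "anomaly-latency": ("P2", "sre"),
    "config-change":   ("P5", "platform"),
}

# Hypothetical escalation policy: (minutes without ack, who is notified).
ESCALATION_POLICY = [
    (0,  "primary on-call"),
    (10, "secondary on-call"),
    (30, "team lead"),
]


@dataclass
class Alert:
    message: str
    tags: List[str]
    created: datetime
    priority: str = "P5"        # default until classify() runs
    team: str = "unassigned"
    acked: bool = False


def classify(alert: Alert) -> Alert:
    """Assign the most urgent priority implied by any known tag, plus its team.

    Unknown tags are ignored, so an alert with no recognised tag keeps the
    informational default rather than being dropped on the floor."""
    best: Optional[Tuple[str, str]] = None
    for tag in alert.tags:
        rule = TAG_RULES.get(tag)
        if rule and (best is None or PRIORITY_RANK[rule[0]] < PRIORITY_RANK[best[0]]):
            best = rule
    if best:
        alert.priority, alert.team = best
    return alert


def notify_immediately(alert: Alert) -> bool:
    """P1 and P2 page someone right away; lower priorities wait for working hours."""
    return PRIORITY_RANK[alert.priority] <= 2


def escalation_targets(alert: Alert, now: datetime) -> List[str]:
    """Everyone the policy has reached for an unacknowledged, pageable alert."""
    if alert.acked or not notify_immediately(alert):
        return []
    elapsed_minutes = (now - alert.created) / timedelta(minutes=1)
    return [who for minutes, who in ESCALATION_POLICY if elapsed_minutes >= minutes]


if __name__ == "__main__":
    # Constructed sample alerts, not real detector output.
    t0 = datetime(2017, 2, 23, 9, 0)
    samples = [
        Alert("SQL injection pattern flagged on /login", ["attack-flagged"], t0),
        Alert("Traversal attempt blocked on /static", ["attack-blocked", "config-change"], t0),
        Alert("Unrecognised event", ["something-new"], t0),
    ]
    for a in map(classify, samples):
        print(a.priority, a.team, notify_immediately(a),
              escalation_targets(a, t0 + timedelta(minutes=15)), "-", a.message)
```

Acknowledging an alert stops the escalation chain, which is the behaviour that keeps the secondary and the team lead from being woken for something the primary is already handling; that is the point of having acknowledgement as a first-class state rather than just "notified".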


Being able to classify alerts keeps you away from the dreaded alert fatigue while focusing your experts on the alerts that matter. With OpsGenie's "Teams" organization, you can involve the right people from different teams to shorten incident response time. Hence, you will never miss critical alerts.

Benefits of Signal Sciences and OpsGenie Integration

  • Decreased MTTA and MTTR
  • Time-based escalation policies that notify only the people and teams on call
  • No (minor) impact on web application security incidents
  • Single view of security incident resolution
  • Involving the right people at the right layer

OpsGenie's key concept is to let you design actionable alerts, where the response is part of the alert itself. Integrate OpsGenie with Signal Sciences now and protect your web applications from security threats.