As a CISO, you know how difficult it is to recruit the best staff. Once you bring them on board, you must also work to retain them — after all, their skills are in short supply, and your competition may already be contacting them to gauge their interest in jumping ship. If your team members are being subjected to the tedious practice of working incidents through email or manually dealing with scores of routine alerts, their job satisfaction may plummet. Fortunately, Demisto has a better way to help your team achieve more with less effort.
What Can Demisto Do for You?
To illustrate the benefits of the Demisto platform, we would like to tell you about a conversation we recently had with a client we will call “Sally”. Sally revealed that she currently had between 80 and 90 emails in her inbox, all of which needed to be worked by her team. She was going to have to review each email, decide which team member should handle each one and then forward the emails to the different staff members assigned to each. She will have to follow up with every team member to track the progress on all of the incidents.
With the Demisto platform, however, Sally and her team members would be able to accomplish more in less time.
- After connecting a mailbox and setting the right filters as incidents, the platform will ingest the identified emails.
- Sally creates incident types for ingesting each particular type of incident. She can create as many incident types as she needs.
- Sally defines the incident management workflow in the playbook for the different incident types. This can include who looks at each incident type, how each should be handled, where the progress will be tracked, whether to close the incident with a feedback email and much more.
- Sally will be able to track the progress on every incident from the Demisto console, eliminating the need to contact each team member for updates.
- Sally's team members log in to the Demisto console to see the incidents assigned to them and review them for incident priority and deadline.
- If the associated playbook is designed to run immediately upon the creation of a particular type of incident, some of each staff member's assignments may have already been executed.
- Other incidents may be waiting for the team member to complete a particular task that will allow the balance of the automated workflow to execute.
- Team members have a tangible way to show their progress without the need to issue updates.
- Incidents can be assigned to specific team members while denying other staff access to the incidents, enabling enterprise-grade RBAC capabilities throughout the entire workflow.
How Much Time Is Saved?
Every incident is different, and no team produces consistent results when handling incidents. For illustrative purposes, assume that Sally spends 1 minute reviewing each email and team members spend 2 minutes reviewing their emails.
- Sally spends approximately 1.5 hours reviewing each email to determine whether it is a false positive or an actual incident and deciding which team member should be assigned.
- How is Sally tracking which team member was assigned to each incident? Assume that she maintains a log and spends another 20 minutes recording each entry in the log.
- Collectively, staff members spend approximately 3 hours reviewing their emails.
- Assume that 42 of the assigned incidents are routine, requiring little more than a one-click response that the staff members can complete in 10 seconds. This comes to 7 minutes.
- Team members spend another 7 minutes reporting the completion of the routine incidents.
- Sally records the completed incidents in her log, which takes her approximately 10 minutes.
So far, the total time spent comes to almost 5 hours to handle tasks that the Demisto platform could have handled automatically. In all likelihood, the actual times would be much longer, but even at more than 4 hours, the time savings would be significant for just 80 incidents. By the time that Sally arrived in the office, Demisto would have already sorted the incidents and assigned them to the proper staff member. The software would handle the tracking, and staff members would have updated the progress so that Sally would always be able to tell the exact status of every incident.
By freeing staff from mundane, repetitive tasks, they have more time to spend on "big picture" or critical issues. Accountability is enhanced, incidents are worked in a more timely manner, productivity is increased and the morale of the team members is improved. In short, it is a win-win scenario for everyone involved.