Hackers get the bulk of attention when it comes to cyber-attacks. However, when you look deeper at security incidents, there is often a social/human component. These social attacks are focused on the human point of weakness in an organization’s security defenses.
Human actions that can lead to security compromise include:
- Weak passwords
- Clicking on phishing links
- Use of public Wi-Fi
- Use of USB devices
- Clicking on risky apps
- Visiting risky websites
To address the above problems, most enterprises today use “cookie-cutter” approaches where all employees are sent the same phishing simulation or the same quarterly training. This approach often does not target at-risk users at the critical moment when a potential attack is in progress, or with enough frequency to remain top of mind for employees. It is also hard for CISOs to pinpoint the effectiveness of such training efforts.
The SecurityAdvisor and Demisto integration brings a unique approach to helping organizations inject cyber-awareness into their culture by incorporating end-user coaching into incident response workflows via automated playbooks.
Here, SOC teams can directly engage with at-risk users and coach them on the risks they face by leveraging SOAR playbooks. The diagram below summarizes this approach:
We can now directly coach users at the right teachable moments, by seamlessly integrating coaching tasks into the incident response playbooks that customers are already using. A couple of examples focused on the two most common teachable moment use cases are shown below.
Figure 2: Coaching end users using a Phishing playbook
Figure 3: Coaching users using a Malware Analysis and Enrichment playbook
As shown above, by injecting a coaching task within a playbook, SOC analysts can direct end users to consume SecurityAdvisor’s unique micro content. SecurityAdvisor content includes short messages, pop-ups, comics (shown below), games, and traditional training modules.
Figure 4: SecurityAdvisor recommends short messages, pop-ups, comics and more
The Demisto and SecurityAdvisor integration delivers a unique approach to building cyber-immunity across an organization through personalized, bite-sized tips delivered to “at-risk” users via automated playbooks.
We hope you found this integration overview useful. To explore Demisto in greater detail, you can download our free community edition below.