The workflow is triggered when the Security Information and Event Management (SIEM) detects the change to the monitored privileged group. The automated process sends the necessary details to the administrator in an e-mail along with a defined list of possible responses for him to choose from.
The example workflow shown below gives the administrator the choice of responding with either an allow or reject message in a text format within an e-mail. As soon as the e-mail is sent, the automation technology proceeds to either document the acceptance or document and perform the appropriate remediation (removing the user from the group).
With automation, the administrator is presented with all the information necessary to make a decision, and therefore the total impact on his time is minimised.
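The reply-handling step of the workflow described above, as an added example that is not code from the article or from any product it refers to. The class, field and hook names are hypothetical, and the sender address is assumed to have been authenticated by the mail gateway before the reply reaches this code.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable

@dataclass
class GroupChangeEvent:
    """Constructed stand-in for the SIEM alert; field names are assumptions."""
    event_id: str
    group: str
    member: str
    changed_by: str

@dataclass
class ApprovalWorkflow:
    approver: str                               # administrator the e-mail was sent to
    remove_member: Callable[[str, str], None]   # hypothetical directory hook
    audit_log: list = field(default_factory=list)

    def _record(self, event: GroupChangeEvent, outcome: str, detail: str) -> str:
        # Every path is documented, whatever the decision turns out to be.
        self.audit_log.append({"time": datetime.now(timezone.utc).isoformat(),
                               "event": event.event_id, "outcome": outcome,
                               "detail": detail})
        return outcome

    def handle_reply(self, event: GroupChangeEvent, sender: str, body: str) -> str:
        # Assumes the mail gateway has already authenticated `sender`.
        # Segregation of duties: whoever made the change may not approve it.
        if sender != self.approver or sender == event.changed_by:
            return self._record(event, "escalated", f"unauthorised reply from {sender}")
        # Ignore quoted text: the original mail lists both "allow" and "reject".
        own = [l.strip().lower() for l in body.splitlines()
               if l.strip() and not l.lstrip().startswith(">")]
        decision = own[0] if own else ""
        if decision == "allow":
            return self._record(event, "allowed", f"accepted by {sender}")
        if decision == "reject":
            self.remove_member(event.group, event.member)
            return self._record(event, "remediated",
                                f"{event.member} removed from {event.group}")
        # Anything else is escalated, never guessed at.
        return self._record(event, "escalated", "unrecognised reply")

# Constructed sample data for a stand-alone run.
removed = []
wf = ApprovalWorkflow("admin@example.com", lambda g, m: removed.append((g, m)))
evt = GroupChangeEvent("EVT-1", "Domain Admins", "jdoe", "helpdesk@example.com")
print(wf.handle_reply(evt, "admin@example.com", "Reject\n> Reply allow or reject"))
print(removed, len(wf.audit_log))
```

Replies that are ambiguous, or that come from anyone other than the designated administrator, are escalated rather than acted on, so a quoted copy of the original choices can never trigger a removal or an approval by itself.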
Benefits of automating
Automating a security event management process has a number of significant benefits which provide both rapid and continuous return on investment. In addition to enabling security and compliance teams to focus their efforts more fully on critical issues, automation also reduces risk and drives down costs.
Just how can we reduce the risk? Some thoughts:
• Reduce the risk of human error by replacing manual steps, providing a more consistent response that lessens the chance of mishandling an event.
• Ensure policy compliance: Controls, such as audit records or segregation of duties, can be placed in automated processes to ensure compliance with policies related to industry or regulatory standards.
• Prevent information flight: Process automation captures the knowledge of managing critical technologies and complex applications, helping to mitigate the potential risk from employee turnover.
• Optimise security personnel resources: Process automation helps to reduce labour costs by automating highly repetitive process steps, speeding process completion, and freeing up valuable security staff time to concentrate on tasks that are more critical for the business.
• Improve management tool ROI: Process automation can improve the ROI of existing IT management and security tool investments, because it leverages them to execute processes, avoiding the need to install and permission new tools.
• Reduce training requirements: IT processes are built and maintained using a simple drag-and-drop design, enabling operators and administrators to design, implement, and improve security processes without having to learn a scripting language.
It is clear that process automation offers the most immediate way to improve efficiency and drive down costs. At the same time, a strategy of automating and integrating security event management tools will provide considerable benefits over the long term.
Hafid Saba is senior technical consultant, Asia Pacific, NetIQ.