Jun 2, 2022
6 Things to Consider Before Automating Your Security Processes
Read More
As more organizations discontinue internal services and begin adopting an increasing number of third-party *aaS-based services, ensuring the appropriate access is revoked in a timely manner is critical. By using our new employee off-boarding use case, you can automatically gather historical data, add a user to a monitoring watch list, and finally remove access when it is time to off-board an employee.
The employee off-boarding use case contains two distinct applications to assist an organization with managing their employee off-boarding process. The first is the employee application, which contains all relevant information about the employee as well as references to the second application: assets. The assets application contains individual assets to which the employee has access. These assets can be applications, services or hardware.
Our employee off-boarding use case enables an organization to automatically schedule an employee’s off-boarding from either an email sent from your HR department or from an existing ticketing system. Once ingested, an employee off-boarding action date is either set or configured by a security analyst.
An asset can be manually assigned to a user, or your Swimlane admin can define a standard set of assets that all users have access to. This way, when a new employee off-boarding case is created, there are default associated services for each employee within your organization.
The employee off-boarding use case has several different statuses that describe different parts of the off-boarding process: new, scheduled, overdue and closed.
Once a new off-boarding request is created in Swimlane, the application will immediately begin pulling information about the user from LDAP, Active Directory or Azure Active Directory. If you would like Swimlane to pull from a different location, you can do so easily by using another bundle we provide or writing your own custom integration using Python.
Once an action date is set, Swimlane will query your security information and event management (SIEM) for any additional data that is relevant to this. employee’s off-boarding request.
Swimlane will also automatically retrieve host logs by either leveraging an EDR solution or a combination of WMI and Windows PowerShell. This information is collected and stored on the employee off-boarding record for future review.
Once we have retrieved an employee’s relevant information, we then begin our off-boarding procedure by first disabling any relevant accounts/services used by the employee, as well as isolating their host machine. Any additional off-boarding procedures that may be required by your organization can be added using any number of our integrations and minor changes to this application’s workflow.
Application Enabled:
Application Disabled:
You can find our new employee off-boarding use case on AppHubb and join Josh Rickard and Jay Spann for their webinar discussing Swimlane and our new employee off-boarding use case.
Webinar: How to automate the employee off-boarding IT process with SOAR
Watch our on-demand webinar on how to automate the employee off-boarding process with SOAR. In this use case, we demonstrate how a SOAR platform can enable an organization to automatically gather historical data, add a user to a monitoring watch list, and remove access when an employee departs.
