Every organization takes a unique approach to cybersecurity. For many, innovating beyond standard use cases and leveraging low-code security automation to codify unique company processes is necessary to ensure secure environments across various departments.
We recently sat down as part of Security Field Day to discuss how one of our Fortune 500 Financial Service customers matured their implementation of low-code security automation beyond common SOAR use cases and the security operations center (SOC).
Overcoming a Process Breakdown
After encountering a sophisticated phishing attempt that used credentials exposed on the Dark Web, the company sought to understand what had left them vulnerable. Organizations generally apply different endpoint and user security policies to employees who travel for work and to those who don't.
A breakdown was discovered in the process for monitoring these two groups: a user who doesn't usually travel was compromised while using hotel WiFi, because the travel-specific policies had never been applied to that user.
The company turned to Swimlane to implement a process that lets HR and security collaborate on changing the policies associated with any user before they travel. The SecOps team also extended its use of low-code security automation (SOAR) from Swimlane by integrating a credential compromise monitoring service, reducing the likelihood that exposed credentials are usable against the company in the future.
Creating New Workflows Using Swimlane
The financial organization put the power of low-code security automation within the Swimlane platform to work by building a UI/UX experience that connected the company’s HR platform to Swimlane.
By building a workflow that is triggered every time someone submits a travel request, the security team eliminated the need to log in to each of their security tools. Instead, the platform connects to the various third-party APIs and pulls the user's policy status together in one place.
Now, when HR receives a ticket indicating that someone will be traveling, the ticket maps to designated fields within Swimlane, which triggers a series of conditional checks. During this process, data is ingested from the financial company's identity provider and from its data loss prevention (DLP) and user and entity behavior analytics (UEBA) tools to determine whether there is a risk score associated with the employee.
Once those details have been gathered in one place within the Swimlane platform, the organization can perform enforcement actions on behalf of the end-user making the travel request to ensure the proper safeguards are in place before departure: that disk encryption is enabled on their workstation, that their endpoint detection and response (EDR) agent is up to date and correctly configured, and that two-factor authentication is enabled on their account.
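To make the conditional checks concrete, here is an added Python model of that workflow. It is an illustration written for this page, not Swimlane's code or the customer's actual playbook. The HR ticket, identity provider, DLP, UEBA and EDR records are constructed dictionaries standing in for the third-party API responses the workflow would pull, and every field name, the version/threshold constants and the action names are assumptions. One design choice worth copying is that a missing record from any source is treated as a failed check rather than a pass, so a user the EDR inventory has never seen does not travel with an unchecked laptop.

```python
# Added example: a travel-request posture check modelled after the workflow
# described above. Not Swimlane code; all data sources below are constructed
# stand-ins for API responses, and their field names are assumptions.
from dataclasses import dataclass
from typing import Optional

# Constructed sample records (assumed field names).
HR_TICKET = {"id": "TRV-1042", "employee_email": "JDoe@example.com",
             "destination": "Lisbon", "depart": "2024-05-06", "return": "2024-05-10"}
IDP = {"jdoe@example.com": {"mfa_enabled": False, "groups": ["finance"]}}
DLP = {"jdoe@example.com": {"risk_score": 35}}
UEBA = {"jdoe@example.com": {"risk_score": 72}}
EDR = {"jdoe@example.com": {"host": "LT-4471", "agent_version": "7.3.1",
                            "policy_applied": True, "disk_encrypted": False}}
LATEST_EDR_VERSION = "7.4.0"   # assumed current agent version
RISK_THRESHOLD = 70            # assumed score at which a human must review


@dataclass
class Posture:
    """Everything the checks need, gathered from the separate tools."""
    user: str
    mfa_enabled: Optional[bool] = None
    disk_encrypted: Optional[bool] = None
    edr_version: Optional[str] = None
    edr_configured: Optional[bool] = None
    risk_score: Optional[int] = None   # highest score reported by any tool


def map_ticket(ticket: dict) -> dict:
    """Map the HR ticket onto the workflow's designated fields."""
    return {"ticket_id": ticket["id"],
            "user": ticket["employee_email"].lower(),
            "travel_window": (ticket["depart"], ticket["return"])}


def _version_tuple(version: str) -> tuple:
    return tuple(int(part) for part in version.split("."))


def gather_posture(user: str, idp: dict, dlp: dict, ueba: dict, edr: dict) -> Posture:
    """Pull posture from each source; a record that is absent stays None, never 'ok'."""
    posture = Posture(user=user)
    if user in idp:
        posture.mfa_enabled = bool(idp[user].get("mfa_enabled"))
    if user in edr:
        record = edr[user]
        posture.disk_encrypted = record.get("disk_encrypted")
        posture.edr_version = record.get("agent_version")
        posture.edr_configured = record.get("policy_applied")
    scores = [src[user]["risk_score"] for src in (dlp, ueba) if user in src]
    posture.risk_score = max(scores) if scores else None
    return posture


def required_actions(posture: Posture, latest_edr: str = LATEST_EDR_VERSION,
                     threshold: int = RISK_THRESHOLD) -> list:
    """Decide enforcement actions. Unknown state fails the check (fail closed)."""
    actions = []
    if posture.mfa_enabled is not True:
        actions.append("enforce_mfa")
    if posture.disk_encrypted is not True:
        actions.append("enable_disk_encryption")
    if (posture.edr_version is None
            or _version_tuple(posture.edr_version) < _version_tuple(latest_edr)):
        actions.append("update_edr_agent")
    if posture.edr_configured is not True:
        actions.append("apply_edr_travel_policy")
    if posture.risk_score is None:
        actions.append("manual_review: no risk score from DLP/UEBA")
    elif posture.risk_score >= threshold:
        actions.append(f"manual_review: risk score {posture.risk_score} >= {threshold}")
    return actions


def process_travel_request(ticket: dict, idp: dict = IDP, dlp: dict = DLP,
                           ueba: dict = UEBA, edr: dict = EDR) -> dict:
    """End-to-end: ticket -> designated fields -> posture -> enforcement actions."""
    fields = map_ticket(ticket)
    posture = gather_posture(fields["user"], idp, dlp, ueba, edr)
    return {"ticket_id": fields["ticket_id"], "user": fields["user"],
            "actions": required_actions(posture)}


if __name__ == "__main__":
    print(process_travel_request(HR_TICKET))
```

For the constructed ticket the result lists four actions: enforce MFA, enable disk encryption, update the EDR agent, and a manual review because the UEBA score (72) clears the threshold even though the DLP score (35) does not; taking the maximum rather than an average keeps one tool's alarm from being diluted by another's silence.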
See for yourself
Learn how Swimlane can help scale security automation across your company. Request a demo to see for yourself.