Black Hat 2018: Swimlane and a Can of Whoop-@ss
If you’re in SecOps and feeling overwhelmed by an abundance of attackers and a shortage of good recruits for your team, we’ve got good news for you. Now, you can open up a good ol’ can of Whoop-@ss on the bad guys. Security automation Whoop-@ss, that is.
While he was of course far too refined to use this term in our discussion, I am convinced this was the very concept envisioned by Swimlane CEO Cody Cornell. Swimlane offers a solution for Security Automation and Orchestration (SAO). SAO automates routine cybersecurity tasks. It orchestrates workflows to help streamline incident response.
For instance, if an IDS flags a suspicious binary, the SAO solution can automatically query a threat intelligence system and initiate a response process that includes automated email notifications, ticket creation and the like. The time saved makes the SecOps team more productive. As a result, the current security personnel shortage becomes less burdensome.
But about that can… Swimlane is also pioneering a community-oriented approach to security problem solving. Users of the solution are able to contribute their workflow patterns for common use. That way, if a Swimlane user develops an audit support workflow, he or she can make it public on the Swimlane community. Users at other organizations can then take advantage of the creator’s work.
Cornell refers to this as a “building block” approach to security. I like the idea of a can of whoop-@ss better. Got a security threat? Go to the shelf and get a can of Whoop-@ss designed to lick that problem right away. It’s fast. It’s efficient. It’s a serious, pre-packaged beatin’ for threats and security incidents.
Swimlane’s community now has pre-packaged workflow templates for a variety of scenarios and industries. There is a financial industry set of building blocks, one for healthcare and so on. Think of it as a supermarket aisle lined with different brands of SAO whoop-@ss in cans.
One further advantage of the community, according to Cornell, relates to its ability to establish and lock down security procedures. With today’s board-level focus on cybersecurity, it can be useful for the CISO to have a set of preset responses ready to go for a security incident. With tooling like Swimlane, outfitted with pre-packaged workflows, SecOps can execute a planned and proven set of procedures in the event of an attack or breach.
This readiness protects the CISO. He or she can tell the board, in essence, “I did exactly as I discussed, according to plan.” (But we know that he really just opened a big ol’ can of you-know-what on that hacker.)