incident response

How automated workflows and public APIs help improve incident response

Print Friendly, PDF & Email

Email threats continue to plague organizations of all sizes, with a reported 75% of organizations globally experiencing a phishing attack in 2020. Cybercriminals continue to effectively leverage social engineering to divert gateway security solutions and get their messages into user mailboxes, forcing organizations to rethink their email security strategy.

A singular focus on prevention will not keep businesses safe from email threats, though. Having security solutions that enable efficient response to attacks post-delivery is vital to keeping your valuable data protected.

Organizations that develop and document an incident response strategy greatly reduce potential data, financial, or reputation loss. According to a recent Ponemon study, incident response (IR) preparedness was the highest cost saver for businesses, cutting average losses by nearly half. So, it makes sense that more organizations have begun to implement incident response playbooks, with adoption growing 44% since 2015, according to the same study.

Cybersecurity preparedness doesn’t come without its challenges. Many organizations lack both the security solutions and IT resources necessary to execute consistent, effective incident response. Response workflows often require repetitive, manual processes that drain already stretched IT teams. Additionally, because of the ever-changing nature of security threats, response can be highly variable, depending greatly on the type of incident, affected assets, and users involved. Automation is one way to help overcome these challenges.

What’s new in Barracuda’s Incident Response platform

Automation and interoperability can greatly improve the efficiency and effectiveness of incident response procedures. In addition to it’s existing functionality, we’ve recently introduced several features in our Incident Response platform to help customers maximize their ability to mitigate security risks across multiple threat vectors. When we recently surveyed our Incident Response customers, one-half requested the ability to respond using external connectors to their SOAR/SIEM/XDR platforms, and the other half requested automated workflows to be supported within the product. We built both.

“We asked Barracuda for a simplified way to run incident response playbooks- we are so excited that they’ve delivered. It’s a testament to how Barracuda listens and works with customers to help us solve the issues we are facing with regards to protecting our business information and our people’s sensitive data.”

Brian Morris, Gray Television

Public APIs and syslog events allow our customers to integrate Incident Response data with their SOAR/SIEM/XDR platforms to automate response across a variety of solutions. Automated Workflows enables IT admins to build custom playbooks to completely automate their incident response, saving them time and eliminating duplicate efforts.

Not every organization will want to respond to email incidents the same way. With Automated Workflows, admins can build a playbook that meets their specific needs for individual use cases. Administrators at any technical level can create a workflow by defining a trigger, determining conditions, and assigning the desired actions through a streamlined user interface. When a workflow is triggered, administrators can choose to receive a notification via Slack, email, or both, and they can review the details of the actions carried out. Workflows can easily be paused or modified at any time.

The ability to completely automate Incident Response will benefit organizations of all sizes, especially businesses with smaller IT Teams. This new functionality eliminates the need for monotonous manual activity that’s required when recovering from a security event. Larger organizations may leverage a SIEM/ SOAR/XDR solution for similar functionality. Barracuda customers that also use a SOAR/SIEM/XDR can now use Public APIs and syslog events to integrate Barracuda Incident Response data with their external platform.

Organizations that have yet to develop incident response playbooks or have struggled to adopt a consistent response strategy across their organization will greatly benefit from the latest Barracuda Incident Response capabilities. With Automated Workflows and Public APIs, IT teams can ensure complete and consistent response to security events while preserving IT resources.

If you have a use-case specific to your organization that you want to see included as part of Automated Workflows, message us here: emailproductfeedback@barracuda.com

Respond faster to email attacks.

Scroll to top
Tweet
Share
Share