{"id":780,"date":"2023-10-31T17:08:37","date_gmt":"2023-10-31T17:08:37","guid":{"rendered":"https:\/\/fde.cat\/index.php\/2023\/10\/31\/new-automation-tools-stopping-hundreds-of-future-threats-instantly\/"},"modified":"2023-10-31T17:08:37","modified_gmt":"2023-10-31T17:08:37","slug":"new-automation-tools-stopping-hundreds-of-future-threats-instantly","status":"publish","type":"post","link":"https:\/\/fde.cat\/index.php\/2023\/10\/31\/new-automation-tools-stopping-hundreds-of-future-threats-instantly\/","title":{"rendered":"New Automation Tools: Stopping Hundreds of Future Threats Instantly"},"content":{"rendered":"<p><em>By Yogi Kapur and Scott Nyberg<\/em><\/p>\n<p>In our \u201cEngineering Energizers\u201d Q&amp;A series, we examine the professional journeys that have shaped Salesforce Engineering leaders. Meet Yogi Kapur, Senior Director of Salesforce\u2019s Global Computer Security Incident Response Team (CSIRT). Based in Hyderabad, India, Yogi leads his cybersecurity analyst team in responding to countless alerts and containing malicious threats.<\/p>\n<p>Read on to learn how Yogi has taken threat response to the next level by incorporating cutting-edge automation tools, enabling his team to scale their protection efforts and adapt to an evolving threat landscape.<\/p>\n<h4 class=\"wp-block-heading\"><strong>What is your team\u2019s mission?<\/strong><\/h4>\n<p>My team serves as the frontline of defense, protecting Salesforce customer data and employee data. Our mission remains highly dynamic and multifaceted. 
From staying one step ahead of malicious actors and novel vulnerabilities to incorporating new tools that strengthen our cyber defenses and exceed regulatory requirements, our team constantly navigates an unparalleled pace of change.<\/p>\n<p><em>Yogi explains what makes Salesforce Engineering\u2019s culture unique.<\/em><\/p>\n<h4 class=\"wp-block-heading\"><strong>What\u2019s the biggest challenge your team has faced?<\/strong><\/h4>\n<p>Our team operates under strict Service Level Agreements, requiring us to efficiently support countless cases and account for sudden surges \u2014 when hundreds of alerts sprout simultaneously.<\/p>\n<p>To meet that strenuous demand, our team formulated an automated categorization solution by closely collaborating with Salesforce\u2019s threat intelligence team. We also introduced risk ratings \u2014 enabling us to reevaluate the priority of new alerts, as not every notification needs equal attention.<\/p>\n<p>This enabled our analysts to focus on highly critical cases while empowering automation to manage less severe cases, ensuring every case across the organization is addressed.<\/p>\n<div class=\"wp-block-group is-layout-constrained wp-container-2 wp-block-group-is-layout-constrained\">\n<h4 class=\"wp-block-heading\"><strong>How would you describe your automated categorization solution?<\/strong><\/h4>\n<div class=\"wp-block-group is-layout-constrained wp-container-1 wp-block-group-is-layout-constrained\">\n<p>Our automation approach encompasses three categories:<\/p>\n<p><strong>The first category of our automation focuses on user engagement through <a href=\"https:\/\/slack.com\/help\/articles\/202026038-An-introduction-to-Slackbot\">Slackbot<\/a>-type functionality.<\/strong> In this context, our team has developed a system that automatically follows up with users via <a href=\"https:\/\/slack.com\/\">Slack<\/a>, particularly when responding to security events and alerts.<br \/>For example, when an event 
requires user validation, the Slackbot automation retrieves user details from the alerts and initiates immediate communication. It then sends messages to the users and continues to follow up with them at regular intervals, significantly reducing the manual effort and time analysts would otherwise spend on this task. This approach ensures timely and efficient user engagement and response, enhancing our overall security operations.<\/p>\n<p><strong>The second category uses autoresponders to handle specific issues<\/strong>. For example, in situations where unsolicited external emails are sent to company employees and generate numerous complaints, autoresponder rules are activated. These rules automatically close similar subsequent emails by sending a predefined response.<\/p>\n<p><strong>The third category automates some end-to-end playbooks that are tailored for specific issues<\/strong>. Playbooks differ in complexity \u2014 some can be fully automated while others involve sophisticated steps that require human analysts.<\/p>\n<\/div>\n<\/div>\n<h4 class=\"wp-block-heading\"><strong>Your team investigates a massive volume of internal emails. 
What role does automation play in the process?<\/strong><\/h4>\n<p>Automation has helped us successfully close up to 50% of spam and legitimate email cases \u2014 radically reducing our workload by eliminating time-consuming manual checks on individual incidents.<\/p>\n<p>To spot possible security threats, such as phishing attempts, the automation system scrutinizes email headers \u2014 checking them against its historical record for untrustworthy sources \u2014 and flags malicious instances, which are then rapidly removed from affected employees\u2019 inboxes.<\/p>\n<p><em>Yogi explains what it\u2019s like to work for Salesforce.<\/em><\/p>\n<h4 class=\"wp-block-heading\"><strong>How is your team structured?<\/strong><\/h4>\n<div class=\"wp-block-group is-layout-constrained wp-container-4 wp-block-group-is-layout-constrained\">\n<p>To maximize the efficiency of our CSIRT team and seamlessly address every security instance, we have adopted four tiers of support:<\/p>\n<div class=\"wp-block-group is-layout-constrained wp-container-3 wp-block-group-is-layout-constrained\">\n<p><strong>Tier Zero: Automation. <\/strong>Removing the need for human management, Tier Zero automation systems leverage machine learning based on historical data. Automation streamlines processes by supporting routine and repetitive tasks.<\/p>\n<p><strong>Tier One: The Screeners. <\/strong>Tier One analysts handle the initial response to incidents and all incoming security-related issues. They tackle less severe security incidents, which are actually the most common issues CSIRT faces, and elevate more serious matters.<\/p>\n<p><strong>Tier Two: The Investigators. <\/strong>This team analyzes potentially malicious cases flagged by <a href=\"https:\/\/engineering.salesforce.com\/tackling-cyber-threats-with-automation-inside-salesforces-cutting-edge-security-strategy\/\">Salesforce\u2019s threat detection team<\/a>, Tier One analysts, or any other third-party tools or sources. 
Conducting in-depth investigations, the team manages medium-to-high-level day-to-day security issues and loops in Tier Three where needed.<\/p>\n<p><strong>Tier Three: The Threat Hunters. <\/strong>Tier Three is composed of highly experienced security experts who combine the skill of proactive threat hunting with reactive breach response. Additionally, they act as security architects, playing a central role in devising cyber defenses that help safeguard Salesforce and its customers from future threats.<\/p>\n<\/div>\n<\/div>\n<div class=\"wp-block-group is-layout-constrained wp-container-5 wp-block-group-is-layout-constrained\">\n<h4 class=\"wp-block-heading\"><strong>Learn more<\/strong><\/h4>\n<p><a href=\"https:\/\/engineering.salesforce.com\/tackling-cyber-threats-with-automation-inside-salesforces-cutting-edge-security-strategy\/\">Read this blog<\/a> to learn how Salesforce\u2019s India-based threat detection team combines advanced correlation and automation platforms to manage millions of daily alerts.<\/p>\n<p>Stay connected \u2014 join our <a href=\"https:\/\/flows.beamery.com\/salesforce\/eng-social-2023\">Talent Community<\/a>!<\/p>\n<p><a href=\"https:\/\/www.salesforce.com\/company\/careers\/teams\/tech-and-product\/?d=cta-tms-tp-2\">Check out our Technology and Product teams<\/a> to learn how you can get involved.<\/p>\n<p>Discover the latest best practices for cybersecurity. 
Check out the <a href=\"https:\/\/security.salesforce.com\/blog\">Salesforce Security Blog<\/a>.<\/p>\n<\/div>\n<p>The post <a href=\"https:\/\/engineering.salesforce.com\/new-automation-tools-stopping-future-threats-instantly\/\">New Automation Tools: Stopping Hundreds of Future Threats Instantly<\/a> appeared first on <a href=\"https:\/\/engineering.salesforce.com\/\">Salesforce Engineering Blog<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Yogi Kapur and Scott Nyberg In our \u201cEngineering Energizers\u201d Q&amp;A series, we examine the professional journeys that have shaped Salesforce Engineering leaders. Meet Yogi Kapur, Senior Director of Salesforce\u2019s Global Computer Security Incident Response Team (CSIRT). Based in Hyderabad, India, Yogi leads his cybersecurity analyst team in responding to countless alerts and containing malicious&hellip;<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","footnotes":""},"categories":[7],"tags":[],"class_list":["post-780","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"jetpack_featured_media_url":"","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts\/780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/comments?post=780"}],"version-history":[{"count":0,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts\/780\/revisions"}],"wp:attachment":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/media?parent=780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/categories?post=780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/tags?post=780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}