Onboarding the Respond Analyst — Chapter 6

Ed Amoroso

Mike Armistead

As I was learning about this, I remember you using an analogy: like you’re hiring a live human being analyst, there’s a process you go through, and hiring a virtual analyst, that deployment is kind of similar to that. I thought that was an interesting analogy. As you are deploying it, are you initiating the analyst?

Well, it’s a very simple process. I think the thing that we really focused on designing into the product was how can we simplify this, because I think part of what security teams also struggle with is the complexity of the tools and the fact that there’s lots of silos. Yes, number one problem.

When you bring the Respond Analyst into your team, you really do treat it like a person, so you show it what it needs to watch, then you’re telling it a little bit about yourself — what’s important, what’s not, and then it just starts on day 1. And what it does is it becomes more and more aware of the things in your environment. It already is an expert coming in as far as what things it should look for for maliciousness, and you marry that with the specifics of what you do. I’ll give an example: we have live where alert levels are in the hundreds of millions a month and we will escalate 10-15 a week. So it’s not like we’re giving yet another alert, and a bunch of events that seem separate but are really the same kind of attack, we could tie this together in an incident. So we’re truly giving incidents to people to go investigate, not “here’s another alert to go investigate.”