Most security operations teams are burdened by overwhelming operational tempo and imperfect implementations of technology, people and process. Organizations face ever evolving and disruptive threats, a shortage of qualified security personnel and the need to manage and monitor growing IT estates. In response, security orchestration, automation and response (SOAR) is helping businesses of all sizes to improve their ability to swiftly detect and respond to attacks.
As we have learned from recent high-profile breaches at Equifax and NordVPN, machine identities are at great risk of compromise when not protected. They require visibility, intelligence and automation. But that vigilance requires effort some feel they don’t have. Not so!
Recently I had the opportunity to meet with Swimlane, who is a leader in SOAR technology. As part of the Machine Identity Management Development Fund, Swimlane has built a Machine Identity Management Plugin that integrates with their SOAR solution. In this continuing interview series with developers, I am speaking with Josh Rickard who is a Security Research Engineer at Swimlane.
Tell me about Swimlane and the mission for your customers.
Josh: Swimlane was founded to deliver scalable, innovative and flexible security solutions to organizations struggling with alert fatigue, vendor proliferation and chronic staffing shortages. Swimlane is at the forefront of the growing market for security automation and orchestration solutions that automate and organize security processes in repeatable ways to get the most out of available resources and accelerate incident response. Swimlane offers a broad array of features aimed at helping organizations to address both simple and complex security activities, from prioritizing alerts to remediating threats and improving performance across the entire operation.
Describe for me the machine identity management challenge you were aiming to solve as part of the Development Fund.
Josh: The Global 5000 is using SOAR to drive and coordinate rapid response to incidents. SOAR combines proven, cross-functional workflows with automation to quickly reduce risk and recover from an incident. However, there have been no SOAR response use cases for machine identities (even though some SOAR platforms do support the Venafi Platform for scripting lifecycle functions). This Development Fund project delivers standard, responsible workflows for automated response to machine identity incidents.
What has Swimlane created for Venafi customers?
Josh: Venafi customers can now confidently respond to incidents where machine identities could be compromised. Swimlane Machine Identity Management plugin drives coordinated and automated response for TLS, SSH and code signing machine identities. It’s now available on Swimlane AppHub.
How will organizations benefit from using the Swimlane integration with Venafi?
Josh: Swimlane applications and workflows tie automation and orchestration capabilities together with analyst activity. This allows the analyst to access all relevant case data from within the app, review evidence, and initiate additional investigation and enforcement actions. Applications and workflows can be fully customized, enabling the analyst experience and orchestration actions to be tailored to any environment. Reports and dashboards can be quickly created from any datapoint in an application, providing deep insight and metrics across both analyst and automated system activity. By developing automated response actions and workflows, Swimlane enables security teams to quickly reduce risk and recover from breaches. With the Venafi plugin, customers can:
- Document response actions across functions
- Automate response through the Venafi Platform, using REST APIs to replace/rotate TLS, SSH and code signing machine identities
- Confirm and report on completion of incident response for machine identities
Learn more about Swimlane’s Machine Identity Management plugin today from the Venafi Marketplace. And stay tuned for future interviews with Machine Identity Management Development Fund recipients.