How ControlUp Uses Blink to Automate Security Workflows

Discover how ControlUp leveraged Blink to automate security workflows, reduce manual tasks, and enhance cloud security operations, saving valuable time and resources

Brad Johnson
Author
Jan 24, 2023
 • 
 min read
Share this post

Reduce MTTR with 5000+ DevOps and SecOps automations

Most companies invest major resources into their security automation tooling and still come up short on their cloud and security operations goals. That’s because SecOps automation means more than just integrating services into your SIEM and SOAR platform and getting alerts. 

Cloud security engineers continuously receive alerts and must take action fast, often across multiple cloud platforms. This means logging in and out of different tools, manual data enrichment tasks, creating Slack channels, notifying affected stakeholders, and then closing and monitoring the alert. Meanwhile, there are actions that must be taken across your cloud infrastructure that cannot be automated by SIEM or SOAR.

ControlUp Technologies operates a cloud-native platform that empowers enterprise IT teams to better support employees with remote IT services. Eitan Oscar, SecOps Team Leader for ControlUp, manages their security operations, including approvals for new security projects. His team of two SecOps engineers collaborates with DevOps to monitor detections and security alerts, identify security gaps, manage vulnerabilities and fixes, and create security tasks for DevOps and IT teams.

In the past, ControlUp SecOps relied on PowerShell and Python scripts or Microsoft Logic Apps to orchestrate security operations. But with 3+ years experience building cloud and security workflows this way, Eitan’s team needed a more sustainable approach to security workflow automation. Soon, they began exploring no-code platforms like Blink.

Problem: Managing QRadar Security Alerts in Azure DevOps

ControlUp uses QRadar as their SIEM platform, which generates hundreds of alerts per week. Before Blink, ControlUp’s SecOps team manually handled security alerts from QRadar and duplicated them as work items in Azure DevOps for the DevOps team to resolve. They had to manually search for alerts, understand the issue context, reach out to the affected user and handle the issue, confirm resolution, and then close the alert. This was a manual process that could take over one hour for a single alert, consuming too much time for Eitan and ControlUp’s small SecOps team. 

Solution: Use Blink to synchronize security alerts between QRadar and Azure DevOps

ControlUp created a Blink workflow that gets triggered by security alerts from their SIEM. Every QRadar security alert now gets automatically created as a work item in Azure Devops. The DevOps team now sees details about the security alert without grant permissions to the SIEM. When a work item is closed in Azure DevOps, Blink automatically closes the alert in QRadar. Blink transformed a process that took over an hour into a simple automation they can run in seconds, saving ControlUp an estimated 30 hours per week.

“After creating our first QRadar automation, we realized the value of this platform. With Blink you don’t need to know how to develop code, you just need to describe the logic. Blink helps me prove the value of automating our daily tasks.”
– Eitan Oscar, SecOps Team Leader, ControlUp

Problem: Scanning Agent Groups for Vulnerabilities using Tenable

ControlUp uses Tenable to scan for security vulnerabilities, which requires installing agents on different users’ devices. To ensure devices maintain compliance, Eitan creates groups of Tenable agents by account. Every group is scanned at different times. Each time they scanned different groups, tedious manual changes needed to be made every time.

Solution: Schedule Tenable Scans with Blink

ControlUp uses a Blink automation to run Tenable scans on-demand or via schedule. Blink makes it easy to create complex workflows with branch logic for different groups without manual changes before each scan. The ControlUp team has already created 2 different automations to scan their cloud accounts, saving them 4 additional hours every month. This is a significant savings for a small 3-person team.

“I don’t need to make manual changes anymore. With Blink automating our Tenable scans, now I have confidence that all the agents are scanned on a regular basis.” 
– Eitan Oscar, SecOps Team Leader, ControlUp

Problem: Taking Action in CrowdStrike without Adding Permissions

ControlUp uses CrowdStrike as their EDR/XDR tool for identifying threats to endpoint devices. Frequently, ControlUp’s DevOps team needed temporary access to CrowdStrike in order to administer CrowdStrike sensors. This required manual approvals from the SecOps team which could take upwards of 2 days to review and slow down the project.

Solution: Set Up Approval Steps with Blink Automations

Adopting Blink simplified actions like removing sensors or adding approval steps to CrowdStrike alert response workflows. ControlUp is now creating workflows that make it possible for DevOps to take action in CrowdStrike on-demand, without ever granting them permissions to CrowdStrike. 

“Blink has already improved and is still improving my day-to-day cloud and security operations. I am eager to keep automating with Blink, and transform all our manual SecOps actions with Blink so I can continue to save additional human resources.”
– Eitan Oscar, SecOps Team Leader, ControlUp

Leveraging Automation to Save Money and Human Resources

Blink gives cloud security teams the tools to automate their most critical SecOps workflows. Using Blink, SecOps teams can quickly integrate with cloud services and rapidly compose no-code actions into simple or complex workflows. Blink has already enabled ControlUp to create 100 workflows across different platforms and handle approximately 15% of their alerts using Blink automations, saving the cost of hiring an additional full-time security analyst. Additionally, ControlUp is planning to automate 40% of their existing alert workflows with Blink over the next two months.

“Today it’s faster for us to create new cloud workflows. We don’t need to learn all the authentication steps and syntax of each product anymore. We are saving time and money on human resources. Most organizations are administering their cloud applications manually. When cloud maintenance is required, we want to use Blink automations wherever possible.”
– Eitan Oscar, SecOps Team Leader, ControlUp

Better No-Code Automation for CloudOps Teams

Blink increases productivity, reduces costs, and helps you do the things you do best, better. We do it for companies big and small across many industries, every single day. Check out our DevOps & FinOps operations use case and learn what we can do for you. 

It only takes a few minutes to get started with Blink, the force multiplier that helps your DevOps or SecOps teams achieve operational excellence.

Expert Tip

No items found.