From Manual Processes to AI-Powered Automation with Blink
Tom Dixon, a security solutions engineer at Blink Ops, shares his journey from manual tasks to AI-powered automation with Blink.
Back some 20 years ago, when I worked at what is now known as the Joint Cyber Unit as part of the British Military, we had a standard playbook that we would often follow after we received an alert from our IDS. We would review the alert and understand its intention, try to establish what the devices involved were, the associated users and system owners, and most importantly, determine if the host was vulnerable and if the attack was successful. This process sounds pretty simple until you factor in handling hundreds, if not thousands, of alerts each day.
Back then, early in my career, I managed to streamline processes and became familiar with certain alert types, but things still took too long and were far from optimal. We improved many steps, like searching through PCAPs, and eventually had access to a system that provided a basic level of alert prioritization. However, the volume of alerts never decreased and, if anything, kept increasing.
When I moved onto the team managing the monitoring systems and creating and testing new detection content, a new set of repetitive tasks and challenges arose. While my bash skills helped somewhat, I candidly had no idea where to start with Python, so many of the tasks remained manual and highly time-consuming.
It wasn’t until 2017, when Gartner coined the term Security Orchestration, Automation, and Response (SOAR), that dedicated platforms started to appear, attempting to solve many of the challenges my team and I faced. While these products provided a good platform on which to build automation capability, they still required a lot of programming knowledge and experience and took a ‘high code’ approach. They also required expert knowledge of the APIs you were working with: how data had to be sent and how it was going to be received.
And that brings me to why I joined Blink Ops.
The first time I saw a demo of Blink, my first thought was “Wow! That’s what we should be leveraging AI for!” Not using AI to claim it will help solve my sleeping issues by putting it in a ‘smart mattress.’
With Blink, everyone has access to automation. You just need to use your imagination and tell our copilot in a natural language prompt what you want to automate, and it takes care of the rest.
For example:
On a new alert from Panther, if it is critical:
• Open a new Case in Blink
• Create a new incident in ServiceNow
• Suspend the user’s account in Okta
• Quarantine the host with CrowdStrike
• Send a message to the #SOC channel in Microsoft Teams
• Email On-call details
Or,
On a new AWS CloudTrail event, if it is high or above priority:
• Create an AMI of the server
• Suspend the IAM account
• Create a War Room with AWS Chime
• Email the security team with details
Given a prompt like these, Blink’s copilot begins building the automation using its knowledge of over 250 integrations and the thousands of actions it has been trained on. It’s even capable of writing Python for you, which is great for things like data transformation and solving the age-old mystery of regex!
You’ve probably got some pre-existing scripts, and we can bring those into Blink too, whether they are in Python, Bash, PowerShell, JavaScript, etc.
Reflecting on my early days at the Joint Cyber Unit within the British Military, we faced the challenges of handling numerous security alerts and the inefficiencies of manual processes. Despite improvements, the growing volume of alerts and repetitive tasks remained a hurdle.
The advent of Security Orchestration, Automation, and Response (SOAR) tools in 2017 marked a turning point, though they still required extensive coding knowledge. My journey took a significant leap forward when I discovered Blink Ops, a platform leveraging AI to democratize automation.
And while I no longer work at the sharp end of SOC operations where Blink would have helped me and my team immensely, you and your team can now leverage this powerful tool.
You can get started by booking a quick call with our team here.