Empowering the Employee: Incident Response with a Security Bot
Jeremy Krach at AppSec USA 2018
As organizations scale, it can become increasingly difficult for a small security team to process the large volume of alerts. In addition, the employee who triggered the alert frequently has the most context as to what transpired. At our organization, we use a Slack bot to engage employees after suspicious activity. Involving employees has the dual benefit of raising company-wide security awareness and lightening the load on our security team. Employees also give us valuable insight into why an alert was triggered, so we can take the appropriate action as quickly as possible. We’re here to share some of the lessons learned after using this system for one year.
Speaker
Jeremy Krach
Software Engineer, Pinterest