IT and SecOps Workflow Automation
Synapsa Interconnector provides intelligent API-based interconnections between monitoring, security and change management tools to avoid time-consuming manual procedures. Thanks to predefined and custom parsers, it accelerates workflow activities in daily operation. IT and SecOps experts save time in the decision process and can focus on other necessary steps in daily operation.
Network Security Automation
For many organisations, the security incident management process is very complex. The year-over-year increase in alerts and events, together with a growing number of security tools and a lack of skilled experts, results in an inadequate response to daily business security threats. SecOps experts need to be aware of all alerts, analyse all relevant events (often manually), check for false positives and decide on the appropriate response. The resulting security operations then need to be approved through the change management process.
This scenario leads to long delays and causes cyber security incidents. Network security automation is the process of carrying out security tasks using machine intelligence instead of a human workforce in a computer network environment. Synapsa Interconnector takes all necessary steps and either automatically mitigates detected events or alerts SecOps experts to allow ‘one click’ threat blocking. At the end, after the operations team receives the report, forensics can be carried out.
Threat Mitigation Workflow
NDR or SIEM forwards detected threats directly to Interconnector in real time.
Interconnector receives the syslog messages and triggers an API call.
Interconnector modifies the ruleset on firewalls for immediate mitigation in compliance with defined rules.
Ready-made, predefined miner parsers extract useful information from received alerts and events and provide feeds for security policy templates, which leads to very granular Synapsa rules.
On-demand preparation of specific parsers and integration with the current ecosystem for automated threat mitigation, incident response, security policy change management, etc.
User Defined Security Policies
Users can easily configure how a policy is created and run to block malicious traffic, mitigate the attack or isolate the threat on connected firewalls, and can also specify rollback procedures.
Automatic or On-Approval Approach
Let users decide whether the security policy is applied automatically or needs to be approved manually.
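The workflow above (alert received via syslog, parser extracts fields, a firewall rule is proposed and either applied automatically or held for approval), sketched as an added example. It is not Synapsa code or its API; the key=value alert layout, the severity threshold and the protected range are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample alerts in an assumed key=value layout (not a real NDR/SIEM format).
SAMPLE_ALERTS = [
    "<134>Jan 12 10:15:02 ndr01 alert: sig=PortScan severity=9 src=203.0.113.45 dst=10.0.5.20",
    "<134>Jan 12 10:15:09 ndr01 alert: sig=BruteForce severity=5 src=198.51.100.7 dst=10.0.5.21",
    "<134>Jan 12 10:15:11 ndr01 alert: sig=Beacon severity=9 src=10.0.5.30 dst=192.0.2.80",
    "<134>Jan 12 10:15:12 ndr01 alert: sig=Garbled severity=9 src=999.1.1.1 dst=10.0.5.20",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")
# Assumed policy: sources in these ranges are never blocked without a human decision.
PROTECTED = [ipaddress.ip_network("10.0.0.0/8")]
AUTO_SEVERITY = 8  # assumed threshold for automatic application


def parse_alert(line):
    """Extract the key=value fields; return None if the alert is unusable."""
    fields = dict(FIELD_RE.findall(line))
    try:
        return {
            "sig": fields["sig"],
            "severity": int(fields["severity"]),
            "src": ipaddress.ip_address(fields["src"]),  # rejects malformed addresses
        }
    except (KeyError, ValueError):
        return None


def propose_rule(line):
    """Turn one alert into a block-rule proposal carrying an approval mode."""
    alert = parse_alert(line)
    if alert is None:
        return None  # malformed input must never become a firewall change
    protected = any(alert["src"] in net for net in PROTECTED)
    auto = alert["severity"] >= AUTO_SEVERITY and not protected
    return {
        "action": "deny",
        "source": str(alert["src"]),
        "reason": alert["sig"],
        "mode": "automatic" if auto else "on-approval",
    }
```

Only proposals with mode "automatic" would be pushed to a firewall directly; the rest wait in an approval queue, and unparseable alerts produce no rule at all.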
Real-time feedback from Firewalls
Let the SOC see whether the security policies it created actually exist in the security rulebase, to make sure a firewall administrator did not disable or delete them.
Full Control over Rules
Let users fully control what to do with security policies. There is an option to reject, revoke, approve or roll back in case the policy was not completely deployed.