New Flashpoint offering automates incident response workflows

Low-code platform enables security teams to build security workflows with drag-and-drop ease.

A new low-code security automation platform designed for ease of use was introduced Tuesday by Flashpoint, a threat intelligence company. Called Automate, the platform aims to lower the barriers typically associated with security automation.

"Automation solutions can be great, but oftentimes they require a team of engineers or developers, sometimes both," explains Flashpoint Executive Director of Automation Robert D'Aveta.

As everyone in the tech industry knows, engineers and developers can be tough to find. "Unless your organization has a staff of unicorns that can do automation work, that leaves it to ordinary people," D'Aveta says. "That's a barrier to entry for typical automation solutions that low-code automation can help solve."

"With our low code," D'Aveta continues, "you don't have to write a single line of code to automate a workflow, up to a certain point. If a workflow gets really complex, there may be cases where you will need to leverage some kind of expression language, but it's not a requirement out of the box."

Automate integrates with third-party technologies

According to Flashpoint, with Automate, security teams can build, implement and accelerate automated incident response workflows around repetitive tasks. "There's too much work for us to handle as analysts," D'Aveta says. "There's an overwhelming number of things that we have to address every day. A lot of those tasks are manual and repetitive, so automation can bridge the gap between an alert and acting on that alert. That's important because it can free up time for analysts to focus on more rewarding, 'big picture' work."

The company notes that Automate allows security teams to build and customize workflows from drag-and-drop actions to automatically identify and contextualize threats. That, ultimately, can help teams prioritize and remediate threats to the enterprise.

What's more, Automate integrates with a continuously expanding third-party software suite, including Flashpoint's own intelligence platform, which enables security teams to automate and advance workflows already embedded into their own internal investigative and response processes.

"In this space, integrations are key," D'Aveta says. "We know that to make Automate really useful, we've got to integrate with as many third-party technologies that people use in their day-to-day operations."

Pre-built templates and reference use cases

Flashpoint maintains that Automate can reduce analyst fatigue with its built-in enrichment workflows and pre-built reference use cases. Those features can prevent analysts from getting bogged down with tasks that can be automated, such as research into IP addresses, domains, file hashes, and CVEs. Reference use cases can be used to jump-start the creation of automated workflows or be customized to accommodate existing processes.

"When you look across the automation landscape, they all have these pre-built templates," D'Aveta says. "They can be great for a number of reasons. They can spark an idea. They can be used out of the box. They can be customized. But they don't always reflect an organization's actual processes. What we do is take actual customers' use cases using our threat intelligence and data and tie them into our reference workflows."

Copyright © 2022 IDG Communications, Inc.
