Name: Friday Flows Episode 28: Use AI to create cases and act on CrowdStrike alerts
Start: 2024-07-17T08:33:00Z
End: 2024-07-17T08:33:08.000Z
Location: BrightTALK

Smart, secure workflows for your whole team. The world's best companies
— from startups to the Fortune 10 – trust Tines to powerfully manage their
mission critical workflows, automatically responding to and remediating
alerts in real time.

We're excited to bring you another workflow from the Tines library and to introduce your new Friday Flows host Cameron Higgs! The legendary Blake Coolidge is handing over the reins for a season but he'll be back on your screens before too long.

In this episode, Conor Dunne walks Cameron through a workflow that pulls leads related to the Amazon Web Services (AWS) environment flagged by Hunters and searches for users with unauthorized permissions.

Friday Flows Episode 27: Disabling AWS User from Hunters Alert with Jira Prompt

Tyler Talaga, Staff Engineer at MyFitnessPal, is one of the early adopters of Tines' AI capabilities.
In this special "Wednesday Workflows," Tyler walks through a story he built to improve the visibility of Change Control requests.
This workflow routes Change Control requests to Slack with a detailed summary provided through the AI Action, helping the team quickly approve (or deny) a change.
The MyFitnessPal team is building many new, helpful automations with the AI capabilities, including one to summarize vulnerabilities fixed in MacOS updates. An automatic transform parses out the raw HTML in Apple's release notes, kicks a table to an AI action to evaluate for a particular link, and then passes to another AI action to rank vulnerabilities based on risk & provide the notes to the security team.
Big shout out & thank you to Tyler & the extended MyFitnessPal team for their continued innovation!
If you'd like to see a Tines demo with the newest AI features, you can request one here: https://www.tines.com/book-a-demo

Friday Flows Special Edition: Change Control with AI Summary

Stephen O’Brien, Head of Product, will walk through our journey to introducing AI in Tines. He’ll cover key questions you asked us, and the ones we asked ourselves as we tested and iterated with this innovative technology.

Journey with AI from research to practical implementation
Best practices with interacting in Tines
Next steps for AI in Tines
We’re extremely excited about the usability improvements we built and how they’ll reduce friction for both our advanced and novice users alike. Register for the webinar to learn more.

AI in Tines | Product Spotlight

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Nicolas Chaillan. Nicolas is a security leader who has held several high-profile roles in US federal agencies including Chief Software Officer for the US Air Force and Space Force, Special Advisor for Cloud Security and DevSecOps at the Department of Defense (DOD), and Special Advisor for Cybersecurity and Chief Architect for Cyber.gov at the Department of Homeland Security. He is also the founder of no less than 13 companies, including Ask Sage, a GPT-powered platform that brings Generative AI capabilities to government teams.

Nicolas and Thomas discuss:

- Building the US government's first zero trust implementation

- Putting Kubernetes on jets and space systems

- The challenges of bringing new technologies to the federal government

- How the threat landscape will continue to evolve for US federal agencies

- The biggest mistakes entrepreneurs make

- How cross-team collaboration helped him create meaningful change at the DOD

- The future of AI in security

- The inspiration behind his AI-powered platform, Ask Sage

The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security

Sage's Nicolas Chaillan on moving the DOD to zero trust and deploying Kubernetes

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by George Griesler. George has been working in cybersecurity since 1997, when he assumed the role of Senior Network administrator at the United States Golf Association (USGA), eventually advancing to Director of Information Security. He currently serves as the Senior Director of Cybersecurity at the National Football League (NFL), where he works to secure events like the Super Bowl, which in 2024 was the most-watched telecast ever.

George and Thomas discuss:

- What security operations looked like in 1997
- Protecting the secrets of regulation golf equipment at the USGA
- The shift in security and privacy needs at live sports events
- Securing scents, flavors, and other chemical formulations at IFF
- Preparing for Super Bowl LXXVIII in the wake of the MGM Resorts cyber attack
- The Super Bowl threat profile, from scoreboard hacking to stadium credentials
- Collaborating with cybersecurity experts from CISA, the FBI, Caesars Palace, and the MGM Grand.
- Aligning security operations with physical security
- The reality of working on high-pressure events
- The benefits of knowledge sharing with other teams working on live sports events
- The importance of relationship building across internal security teams:
- The potential of automation, orchestration, and AI in incident response

The NFL's George Griesler on securing the Super Bowl and reducing risk

Don't have a technical background, but want to create automations that can help your daily work?

Check out Tines University: https://lnkd.in/eVuaVKbd

Andrew Lee, a Business Development Rep here at Tines, recently completed the certification & learned how to create Tines stories. In this Friday Flows, he walks through an API Pagination story to grab Star Wars characters.

No matter your skill set, it's easy to get started. In a matter of weeks, you'll be prepared to build powerful workflows and start reducing mundane, repetitive tasks.

Friday Flows Episode 25: API Pagination with Andrew Lee

Intercom moved from taking 2 months to build a workflow to taking 2 hours using Tines.

Join us as we explore how Intercom’s IT team used Tines to boost efficiency by overhauling their workflows.

As well as using Tines for themselves, the IT team provides the guardrails by which they can share Tines with other teams in their business and allow these teams to automate their own workflows without worrying about compliance, sensitive data etc.

What to expect from the webinar:

A summary of how Intercom used to build and manage workflows compared to what they are doing now with Tines.
How Tines can help your IT infrastructure/IT support/ Cloud Security/ Customer solutions teams.
Q&A session with Tines and Intercom to answer your questions

Intercom's Journey to an IT Automation Center of Excellence

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Adam Khan. Adam is a cybersecurity and technology leader with over 25 years of experience working at Fortune 500 companies. He has a proven track record of building and managing global security teams, leading engineering, infrastructure, application, and product, and is currently VP of Global Security Operations at Barracuda.

Adam and Thomas discuss:
- Building discipline and resilience by working on SRE teams
- How a well-known DDoS attack changed his career path
- Using automation to reduce alert fatigue
- Strategies for plugging the security skills gap
- The potential of AI-driven XDR
- How cyber attacks are evolving in the age of AI
- Lessons learned from researching the history of cybersecurity
- Empowering teams to do their best work
- Creating a culture of continuous learning

Barracuda's Adam Khan on AI-driven XDR and plugging the security skills gap

93% of security practitioners believe that more automation would improve the work they produce.

Join us as we explore how Mars used Tines & Wiz to identify and remediate security risks within their cloud infrastructure with automated workflows. Along with insights on how to leverage Tines and Wiz, webinar attendees will hear directly from Mars about the impact these platforms have had on their business resilience and security culture.

What to expect from the webinar: A panel discussion covering:
- How Tines and Wiz can improve cloud security and reduce friction in current processes
- Insights from Mars on their investment in enhanced detection and response
- How companies can use these insights to operationalize cloud detection and response across their - teams and make security a team sport
- How to set security goals that are visible across the C-Suite
- Q&A session with Mars, Tines and Wiz

Remediating Mars’ Cloud Security Risks with Wiz and Tines

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Matt Johansen. Matt is a security veteran who has helped defend startups, the biggest financial companies in the world, and everything in between. Alongside his day job as Head of Software Security at Reddit, he teaches companies how to protect against cyber attacks, and coaches entrepreneurs and CISOs that need help with infrastructure, application, cloud, and security policies. He also writes Vulnerable U, a weekly newsletter that talks about embracing the power of vulnerability for growth.

Thomas and Matt discuss:

- Moving from a large security team at Bank of America to a small one at Reddit
- Embracing scrappiness and doing more with less
- Overcoming sunk-cost fallacy
- Why the 2014 Sony hack was a pivotal time for AppSec
- Running the threat research centre at White Hat
- What he looks for when hiring in AppSec, the SOC and beyond
- His decision to start creating content about mental health in security
- Moving past imposter syndrome
- Renouncing superhero culture
- Paved paths and guardrails, and what comes next after "shift left"
- Lessons learned from Reddit's 2023 security incident
- The power of automating incident response

The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security

Reddit’s Matt Johansen on renouncing superhero culture

Great Friday Flows today with Conor Dunne. He built this story to send notifications when a new device is enrolled in Jamf, check CrowdStrike to see if the device is also located there, and respond to a Slack thread with the findings.

They have impressively:

Reduced workflow build time by 95%, compared to Python
Have 4x more team members automating
Saved 150 hours in the first month of using Tines

Friday Flows Episode 24: Verify Crowdstrike is present on new devices in Jamf

This week on The Future of Security Operations podcast, Thomas is joined by Prima Virani. Prima is a security engineer who worked across industries as varied as oil and gas and Fintech before becoming Principal Security Engineer at Twilio. With over a decade of experience spanning infrastructure security engineering, incident detection and response, and forensics, she's also shared insights at countless security conferences around the world, including SecTOR Canada and Agile India.

In this episode, Prima and Thomas discuss:

- The unique challenges of working in forensics
- Her transition to detection and response and cloud security
- Building a security detection framework at Segment
- Reducing mean time to resolve through automation
- Using data to prioritize which processes should be automated
- Merging teams and technologies when Segment was acquired by Twilio
- Joining the securing platform engineering team at Twilio
- Designing a challenging and varied career in security
- The influence of mentorship on career growth
- Democratizing security through knowledge sharing
- How security will change in the next five years

Twilio's Prima Virani on tackling burnout through automation

"This is a great example of the power of Tines. You can automate something simple, but also very manual & time-consuming."

Michael Tolan continues our cloud security series & walks us through a workflow to easily identify and manage Azure Entra ID guest accounts detected by Wiz. In seconds, take action by disabling or deleting any undesired guest accounts via a Tines page.

Friday Flows Episode 23: Retrieve and respond to Azure guest accounts with Wiz

On this episode of The Future of Security Operations podcast, Thomas is joined by Andrew Santell. Andrew is an experienced security leader who worked for the U.S. Navy for over a decade before moving into the private sector. In 2021, he founded the Security Operations program at Netflix, and recently, he joined edge cloud platform Fastly, where he is the Director of Security Operations and Cyber Defense.

In this episode, Andrew and Thomas discuss:
- Navigating the unique challenges of the Navy, from log management to prioritization
- Making the leap from the Navy to tech
- Building a security operations team and program from scratch at Netflix
- Red teaming phishing response playbooks at Netflix to test their effectiveness
- Recognizing the value of good processes
- Why teams should design processes first, automate later
- Creating a feedback loop between teams at Fastly
- How “shifting left” has helped Andrew’s team reduce vulnerabilities
- Using automation for risk assessment at Fastly
- Andrew’s approach to incidents like the Log4J vulnerabilities 
- Why growth in the vendor market is a good thing for practitioners 
- Why automation should be a requirement, not just a best practice
- What advancements in AI mean for threat detection
- The importance of risk-based decision-making
- The potential of self-remediation 
- Why good security leadership starts with taking care of your people

Fastly’s Andrew Santell on going from the Navy to Netflix

A fundamental pillar of cybersecurity continues to be employee education & awareness.

Today's Friday Flows features an easy way to test your employees & teach them to keep an eye out for suspicious emails.

This Tines story created by Conor Dunne grabs a list of employees from your HR system and sends them a simulated phishing email. A Tines Case will be created to track if a link in the email is clicked.

Friday Flows Episode 22: Run a Simulated Phishing Attack on your employees

To kick off season 5 of the Future of Security Operations podcast, Thomas is joined by Mandy Andress. Mandy is the Chief Information Security Officer at Elastic, a leading platform for search-powered solutions, and has more than 25 years of experience in information risk management and security. Before Elastic, Mandy led the information security function at MassMutual and established and built information security programs at TiVo, Evant, and Privada. She also founded an information security consulting company with clients ranging from startups to Fortune 100 companies.

In this episode, Mandy and Thomas discuss:

- Her move from accounting to security 
- Why she was drawn to Elastic's employee-centric culture
- How her role at TiVo in the early '00s shaped her view of privacy
- Switching from a technology-first to people-first approach to security
- Recognizing the human factor in incident response 
- Embracing asynchronous operations on dispersed teams
- The importance of bringing your authentic self to work 
- Staying technical as you move into leadership
- How she puts her law degree to use as a CISO
- Balancing compliance and overall security posture
- Collaboration and knowledge sharing within the CISO community
- Elastic's approach of knowledge sharing by default
- How prioritizing analyst time will be critical in the future of SecOps
- Adopting an infrastructure-as-code approach
- Balancing between proactive security measures and reactive responses
- Building a culture of security across the organization
- Tips for surviving in security operations in tech

The Future of Security Operations is brought to you by Tines, the platform that powers some of the world’s most important security workflows. https://www.tines.com/solutions/security

Elastic's Mandy Andress on switching to people-first approach to security

Learn more about one of our most popular workflow templates: Onboard Employees & Grant Access to Specific Tools where Conor Dunne shows how easy it is.

Friday Flows Episode 21: Onboard Employees & Grant Access to Specific Tools

In today’s Friday Flows, Conor Dunne, from the Tines Labs team, walks us through a new story using AI to create cases and act on CrowdStrike alerts.

As is the case with many alerts, there’s a lot of information, but it’s not always very clear. He first uses AI to simplify & normalize the data.

Once that is done & a case is created, we can also use AI to act as a security analyst and respond with one of four actions:
Suspend a user account
Isolate a host
Block a URL
Alert the security team using PagerDuty

In this demo, the AI was confident enough to block the URL, so it took action. If the confidence is not high enough, it will provide a recommendation but allow the analyst to take action manually.

I love this example because it’s a natural evolution of stories that Tines users have built for years: take an alert, enrich it, create a case, and help an analyst act. But with the developments in AI, it’s now much easier to parse the information & act with fewer manual steps.

Friday Flows Episode 28: Use AI to create cases and act on CrowdStrike alerts

Artificial Intelligence

crowdstrike

Data Architecture

Cyber Security

Cloud Security

Security Automation

IT Security

IT Automation

Information Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Friday Flows Episode 28: Use AI to create cases and act on CrowdStrike alerts

Presented by

About this talk

Tines