December 17th 2023

Critical Tags for Security Operations

Cyber Security teams rely on accurate real-time information, usually sourced from their own monitoring systems and via good relationships with colleagues in other departments. 

Both sources are critical when an incident related to cloud infrastructure occurs. Alerts are sent by monitoring tools to the SecOps Engineer, along with diagnostic information. To triage these alerts, further detail is sought from colleagues in cloud operations, software development and other parts of the business.

Questions along the lines of:

  • What system uses service xyz? I need to talk to the owner about it.
  • Who do I contact about an Azure database triggering alerts?
  • We have a good security dashboard, but we don’t have reliable information on business uses of these cloud resources. Can we integrate this information from somewhere?

Everyday security-related questions

The common theme here is ‘business context’. Security teams need a bridge between low-level monitoring tools and the day-to-day business operations of the company. Ideally they want this information at their fingertips, without having to spend time contacting another person to get or verify an answer.

Managing Critical Tags

When a cloud estate can run to hundreds of thousands of resources, it’s not possible for one person to answer business context questions on all of them. Standard good practice is to define a list of critical tags that must be applied to every resource, for example tags identifying the related system, environment, department and owner.
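To make the practice concrete, here is an added example (not Keytag’s code, and not from the original post) of a small critical-tag audit: a defined policy of required tags with allowed values, run over a constructed resource inventory to list every resource whose tags are missing or invalid, plus a lookup helper that returns the business context for a single resource id of the kind a SecOps engineer sees in an alert. The tag names, allowed values, the `example.com` owner domain and the resource ids are all assumptions constructed for the example.

```python
"""Audit cloud resources against a critical-tag policy (added example, not Keytag code)."""
import re

# Hypothetical critical-tag policy: tag name -> rule.
#   None      = any non-empty value is accepted
#   set       = value must be one of the listed values
#   regex     = value must match the pattern
CRITICAL_TAGS = {
    "system": None,
    "environment": {"prod", "staging", "dev"},
    "department": None,
    "owner": re.compile(r"^[^@\s]+@example\.com$"),  # constructed domain for the example
}

# Constructed sample inventory, shaped loosely like an Azure resource export.
SAMPLE_RESOURCES = [
    {
        "id": "/subscriptions/s1/resourceGroups/rg-billing/providers/Microsoft.Sql/servers/sql-billing",
        "tags": {"system": "billing", "environment": "prod",
                 "department": "finance", "owner": "alice@example.com"},
    },
    {
        "id": "/subscriptions/s1/resourceGroups/rg-batch/providers/Microsoft.Compute/virtualMachines/vm-batch-01",
        # 'production' is not an allowed environment value, department is absent, owner is not an address
        "tags": {"system": "batch", "environment": "production", "owner": "bob"},
    },
    {
        "id": "/subscriptions/s1/resourceGroups/rg-scratch/providers/Microsoft.Storage/storageAccounts/sttmp",
        "tags": {},  # untagged resource: every critical tag is missing
    },
]


def check_tags(tags, policy=CRITICAL_TAGS):
    """Return the list of findings ('missing:<tag>' or 'invalid:<tag>=<value>') for one resource."""
    findings = []
    for name, rule in policy.items():
        value = tags.get(name)
        if value is None or str(value).strip() == "":
            findings.append(f"missing:{name}")
        elif isinstance(rule, set) and value not in rule:
            findings.append(f"invalid:{name}={value}")
        elif hasattr(rule, "match") and not rule.match(str(value)):
            findings.append(f"invalid:{name}={value}")
    return findings


def audit(resources, policy=CRITICAL_TAGS):
    """Map each non-compliant resource id to its findings; compliant resources are omitted."""
    report = {}
    for resource in resources:
        findings = check_tags(resource.get("tags", {}), policy)
        if findings:
            report[resource["id"]] = findings
    return report


def lookup(resources, resource_id):
    """Triage helper: return the business-context tags for one resource id, or None if unknown."""
    for resource in resources:
        if resource["id"] == resource_id:
            return resource.get("tags", {})
    return None


if __name__ == "__main__":
    for rid, findings in audit(SAMPLE_RESOURCES).items():
        print(rid, "->", ", ".join(findings))
```

Run on a schedule against a real inventory export, the `audit` report is the list of resources whose business context cannot be trusted yet, and `lookup` is the one-call answer to “who owns the resource in this alert?” that the text describes.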

This is the right idea, but many organisations have struggled to maintain tags. The dynamic nature of their business and cloud environments makes maintenance challenging, resulting in data that’s hard to trust.

Some persist and try to keep their tags accurate with repeated ‘one-off’ projects. Some look for alternatives and maintain their own lists rather than tagging. Both approaches are hard to keep up to date and quickly become unwieldy and time-consuming. Pragmatism then tends to mean a reversion to calling colleagues for definitive answers instead.

How Keytag helps

The Keytag system addresses the challenge of keeping your critical tags accurate and up-to-date by:

  • removing the complexity and effort in setting up a critical tag list and rolling it out.
  • automating the accuracy of tags over time as your business changes.
  • providing a simple self-reinforcing process that embeds into your company procedures.

The result is one single reliable source of business context, stored in tags so that downstream systems can use the information automatically.

So, if you are a SecOps Engineer who needs to know about the subject of an alert, you now have two solid choices beyond calling a colleague:

  • use the Keytag System to look up the resource and get the full business context and organisation links in a second.
  • see the business context directly in your primary monitoring tool as part of its built-in tag discovery.

Even if your primary monitoring tools do not support tag discovery, we offer integrations to sync these critical tags into monitoring tools. For example, if you use the Qualys Platform, we can synchronise with module-level custom tags.

See how we can help your SecOps team

Written by: Keytag