Go to listing page

Cyware Enables Granular Access Control of SOAR Automation Playbooks

Cyware Enables Granular Access Control of SOAR Automation Playbooks

Share Blog Post

The Cyware Fusion and Threat Response (CFTR) platform, in harmony with the Cyware Security Orchestration Layer (CSOL), equips security teams with the ability to form an end-to-end automated threat management workflow. CSOL Playbooks are the key to unlocking this capability within CFTR. Now, Cyware has set yet another industry-first milestone by introducing Role-Based Access Control (RBAC) of CSOL Playbooks within CFTR to provide admins with greater control over how their automated processes are executed.

How does RBAC help?
The new RBAC feature for CSOL Playbooks in CFTR allows admins to restrict the usage of their Playbooks to specific User Groups depending on the User Group configuration. This means organizations using CFTR can now gain several benefits including: 
  • Improved operational efficiency: With RBAC, organizations can decrease the need for manual processes for adding or changing the roles of different users. It also makes it quicker to onboard new users into a pre-defined role with the appropriate access to CSOL Playbooks within CFTR.
  • Increased visibility: RBAC gives SOC admins and managers more visibility and oversight into their security operations, while also providing the right level of access to authorized users for all the Playbooks they need to do their jobs.
  • Enhanced compliance: This new feature helps cut down on potential errors or lapses in assigning user permissions. It reduces the risk of leakage of sensitive security data to any unauthorized users. This means no undue access will be given to users for any sensitive information and, therefore, much less risk of violating any security policies or regulatory compliance.


How to use RBAC in CFTR?
The RBAC feature for CSOL Playbooks in CFTR ensures that SOC Managers/Incident Managers can provide a restrictive set of permissions like editing or running specific Playbooks, or preventing access to view Playbooks depending on the Playbook category.CFTR Admins need to enable RBAC access under the CSOL Integrations in the Configurations section.
  • Once enabled, CFTR admins will be able to set RBAC Validations when creating a new User Group. One of the ways to do this is to allow access to specific sets of Playbooks through Playbook Tags. This will then allow the corresponding User Group to view only the Playbooks associated with those Tags under Playbook Run Logs, Machine Learning Suggested Playbooks and All Playbooks.
  • When View Access is given to a User Group, the users can view the Apps and Sub-Playbooks associated with those Playbooks. With Edit Access, they can further update, edit, or run the Playbook as well.

CFTR also now allows Admins to set access to the Terminal module along with RBAC Tags configuration under User Management. With View Access, users can view the Terminal Module in a read-only mode. With Edit Access, they can view, update, edit, or run an Action in the Terminal Module.


One more thing 
To make incident response processes seamless, CFTR now enables users to execute dynamic CSOL Playbooks from within CFTR. This means users get the ability to configure and implement custom scripts, devise workflows, check conditions and actions on their incident response plan. Users can access the Playbooks from CSOL under the Incidents and Actions module in CFTR.


Conclusion
With the addition of the RBAC for CSOL Playbooks and the Terminal Module, CFTR makes the lives of security decision-makers much easier in overseeing their security processes with business function and responsibility in mind. This marks yet another step for Cyware toward enabling streamlined orchestration and automation of security operations for organizations worldwide.

 Tags

cyware fusion and threat response cftr
cyware security orchestration layer csol

Posted on: August 06, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.