Tag, you’re “IT”!
For those of you who are used to being responsible for an extensive cloud infrastructure, you’ll already be familiar with the joyous moment when someone hands you a random IP address, and tells you that it is running a vulnerable piece of software, or worse has already been compromised. Because the reality for many organisations, is that working backwards from an IP address to the system owner is a horrible manual-process, that includes sending emails to various teams and asking if anyone knows what the address belongs to and who manages it. Which is just what you need when you’re trying to deal with an incident, and are up against the clock.
To try and alleviate this, when we built scarlet we made sure to capture all the user supplied asset tags for the cloud environments, which we then include with every event we generate. This means that if you are already tagging your assets with owner, application or data-type information, you will have this delivered straight into your SEIM, and can then automate the incident response.
We think that your attack surface management tools should be making your life easier, not bombarding you with unactionable alerts. What do you think?