A PagerDuty Security Debrief
Today is day one of the RSA Security Conference in San Francisco, where thousands of security professionals from around the world come together to share new ideas, discuss global security vulnerabilities, and explore the latest technologies in the security industry.
But as digital transformation continues to disrupt all industries and introduce new technologies, it’s very important to keep security top of mind at your organization in order to protect customer and employee data and stay ahead of future vulnerabilities. In the spirit of the RSA conference, we decided to share some of our security best practices here at PagerDuty.
Security Is Everyone’s Responsibility
At PagerDuty, the philosophy of our Security Team is to make “being secure” as easy as possible for every employee. They do this by making themselves approachable and accessible to everyone, not assigning blame or calling anyone out when a mistake happens, and making it easy to report potential security issues via email or Slack.
We’ve also open-sourced our internal security training for employees and engineers, which provides some best practices and tips for employees to improve their security awareness, including:
- Keeping an eye out for social engineering
- How to keep the office and equipment secure
- Identifying suspicious pop-ups and links
- What to do with an email from an unknown sender
- How to choose a strong password and use multi-factor authentication
- How to handle data securely
- When to ask the Security Team for help
We make security everyone’s responsibility every day of the week at PagerDuty—and we highly recommend all organizations do the same.
DevSecOps at PagerDuty
In the old days, security teams were responsible for just that—security; however, with technologies like mobile, cloud, and web applications, and the growing presence of distributed infrastructure, the once-siloed security team has realized that security should be a shared responsibility, integrated within the development and operations teams (aka DevSecOps).
With the level of complexity continuously increasing across tech stacks, vulnerabilities and breaches have become an almost-daily issue that can have a lasting impact on a company’s customer base, reputation, and bottom line. So what can we do to combat this?
At PagerDuty, we follow a model of being reactive and responsive. For example, how quickly can we identify a security event or that a resource is out of compliance, and how quickly can we remediate the issue? Part of the ethos of DevSecOps is automated security decisions being made with speed at scale. Being able to respond quickly and efficiently can lead to potential cost savings and a reduction in risk.
Additionally, we operate a multi-tenant software-as-a-service platform in the cloud, and use many different tools to monitor and protect our infrastructure. These tools produce a lot of signals that we can mine and filter, and through integrations with the PagerDuty platform, we are able to create relevant security events and alerts. This ensures that we can quickly act on an event and start our incident response process to quickly contain it, respond to it, and recover from it.
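As an added illustration of the filtering step described above (this is not PagerDuty's own code), the sketch below turns raw tool signals into deduplicated trigger events in the PagerDuty Events API v2 shape. The signal fields, tool names, severity mapping, paging threshold and routing key are assumptions constructed for the example.

```python
import hashlib

# Constructed sample signals from hypothetical monitoring tools.
SAMPLE_SIGNALS = [
    {"tool": "cloud-config-scanner", "resource": "s3://example-bucket",
     "rule": "public-read-acl", "severity": "high"},
    {"tool": "cloud-config-scanner", "resource": "s3://example-bucket",
     "rule": "public-read-acl", "severity": "high"},  # repeat of the same finding
    {"tool": "host-ids", "resource": "web-01",
     "rule": "new-listening-port", "severity": "low"},
    {"tool": "host-ids", "resource": "db-02",
     "rule": "root-login-from-new-ip", "severity": "critical"},
]

# Assumed mapping from tool severities to Events API v2 severity values.
SEVERITY_MAP = {"critical": "critical", "high": "error",
                "medium": "warning", "low": "info"}
PAGE_WORTHY = {"critical", "error"}  # assumed threshold for raising an alert


def dedup_key(signal):
    """Stable key so repeats of one finding update a single alert."""
    raw = "|".join(signal[k] for k in ("tool", "resource", "rule"))
    return hashlib.sha256(raw.encode()).hexdigest()[:32]


def build_events(signals, routing_key):
    """Filter signals and return one trigger event per distinct finding."""
    events = {}
    for s in signals:
        # An unrecognised severity is surfaced as "error", not silently dropped.
        sev = SEVERITY_MAP.get(str(s.get("severity", "")).lower(), "error")
        if sev not in PAGE_WORTHY:
            continue
        key = dedup_key(s)
        events.setdefault(key, {
            "routing_key": routing_key,
            "event_action": "trigger",
            "dedup_key": key,
            "payload": {
                "summary": f"{s['rule']} on {s['resource']}",
                "source": s["resource"],
                "severity": sev,
                "component": s["tool"],
                "class": "security",
                "custom_details": dict(s),
            },
        })
    return list(events.values())
```

Each returned dictionary is the JSON body that would be posted to the Events API; the routing key belongs in a secret store rather than in source.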
Implementing a DevSecOps approach may seem like a daunting task, but with the right tools and solutions, it can be an iterative learning and improvement process that can fortify both the security environment and bottom line of your company.
PagerDuty for SecOps
A year ago this week, PagerDuty released PagerDuty for Security Operations, a solution built for security and developer teams that introduces a comprehensive set of security-focused integrations from PagerDuty’s broader partner ecosystem. With PagerDuty for Security Operations, development and operations engineers can bring security professionals onto a common platform to reduce risk, enabling them to resolve security alerts faster.
PagerDuty for Security Operations features over 25 integrations across a robust security ecosystem, including but not limited to:
- Security Information and Event Management (SIEM) (Sumo Logic, LogRhythm, Logz.io, AlienVault, an AT&T Company)
- Security Orchestration, Automation, and Response (SOAR) (Demisto, Swimlane, Cybersponse, DFLabs)
- Threat Intelligence, Cloud and Application Security (Twistlock, Threat Stack, Aqua Security, Templarbit, Signal Sciences)
Other benefits include:
- Faster response by automating the engagement of security, development, operations, legal, or other teams via phone/SMS using PagerDuty Modern Incident Response.
- Increased situational awareness with PagerDuty Visibility and PagerDuty Event Intelligence. The two features give security teams insight into operational alerts and active incidents across their environment, and enable teams to contextualize security alerts and triage more effectively in real time.
- A better understanding of team health and the impact of noisy security alerts via PagerDuty Analytics and the PagerDuty Operations Health Management Service.
PagerDuty for Security Operations also helps DevSecOps, DevOps, and shared services teams “shift left” by improving efficiency and integrating security tools in their production pipeline. PagerDuty tightens the feedback loop on critical security vulnerabilities found in source code, artifacts, tests, and scans.
Thanks to Franklin Mosley and Rich Adams for their contributions to this piece.