This month we’ll be releasing more features that make Securd easy to plug into your existing security stack. We’re excited to add PagerDuty to the list of native integrations. In this post, we’ll show at a high level how the Securd Web Gateway and PagerDuty work together to improve real-time security operations (SecOps).
PagerDuty + Securd
For those in the security space not familiar with PagerDuty, the solution enables teams to automate alerting and remediation processes. PagerDuty enables you to manage large volumes of event and alert data. You can automate and scale routing, suppression, notification, and other behaviors based on event data fields, severity, schedule, and support hours. Detecting a threat on an endpoint and remediating a malware infection, or routing the right resource to investigate a phishing threat, is a natural fit for the two solutions. It’s also easy to set up the integration in a matter of minutes.
PagerDuty Setup Process
Log in to PagerDuty, go to the Configuration menu and select Services.
On the Services page:
- If you are creating a new service for your integration, click Add New Service.
- If you are adding your integration to an existing service, click the name of the service you want to add the integration to. Then click the Integrations tab and click the New Integration button.
In the Integration Type menu, select from the following based on your preference:
- Select Tool: Search and select Securd Web Gateway.
- Enter an Integration Name, “Securd Web Gateway”. If you are creating a new service for your integration, in General Settings, enter a Name for your new service.
- In Incident Settings, specify the Escalation Policy, Notification Urgency, and Incident Behavior for your new service.
- Click the Add Service or Add Integration button to save your new integration.
- You will be redirected to the Integrations page for your service.
Securd Setup Process
- Above the Web Gateway Menu, Select a Company.
- Under the Web Gateway Menu, Click on Company Settings.
- Click on the Alerting/PagerDuty Tab.
- Set alerting to Enable. You will see that PagerDuty Status is “Not Connected”.
- Click on Connect PagerDuty. You will be redirected to the PagerDuty website. Once you log in, select the “Securd Web Gateway” Service you created above.
- Once you have selected the Service, Click on the Connect button.
- You will be redirected back to your Company Settings. The Status will say Connected.
Securd and PagerDuty are Connected!
Once you have completed the integration between PagerDuty and Securd Protective DNS, all your threat detections will be sent directly to PagerDuty.
When a threat event is sent to PagerDuty, an incident will be created. This incident will correspond with a block event in your Securd Protective DNS Logs. The full payload of the passive DNS record will be appended to your PagerDuty incident.
Create a Cloud Driven Security Defense Capability
DNS plays a central role in almost all Internet communications. 90% of modern malware can be stopped at the DNS layer. Securd’s Protective DNS solution makes it easy to get started.
- Secure your endpoint DNS traffic and stop threats.
- Unify endpoint visibility of DNS traffic.
- Get your logs forwarded to a cloud-based SIEM.
- Set up alert and incident management with a best-of-breed tool.
Instead of building alerting and analysis into a silo, we’ll be expanding integrations across the security ecosystem. We’re looking forward to hearing from customers and prospects about an integration you need.