Wishing You A Very Merry Christmas!

Merry Christmas

The hustle and bustle of the Christmas season is exciting for our staff.

But we have not forgotten about our loyal customers.

Thank you for your support.

We wish you the happiest of holidays!

-Team Ayehu


Why Did You Get Into IT? What First Drew You To This Field?


Why Did You Get Into IT What First Drew You To This FieldFor me, it was the sense of amazement at how computers could relieve people of manual work assignments that would be better described asmonotonous drudgery.

In the early 80’s, the classic example of this drudgery was manually recreating an entire financial model on paper to accommodate fluctuating interest rates, varying inflation rates, or some other variable that had a ripple effect on all the numbers.  Depending on the size of the financial model, the variable in question could generate hours (or days) of hand recalculations to produce just one alternative version.  And of course, all this work was done with pencil & a calculator.

Then along came the electronic spreadsheet, and suddenly, real-time what-if analysis was a reality, enabling financial analysts everywhere to ditch their pencils & calculators for PCs & software.  Spreadsheets not only saved people enormous amounts of time, they made it easy to instantly see the results of changed values, which led to a lot more what-if analysis, and presumably better informed decision-making.  In other words, spreadsheets freed up people to focus on more challenging, strategic, and intellectually stimulating work. It’s long forgotten now, but back then, this value proposition changed people’s perceptions of PC’s from “nice to haves” to “must haves”.

To this day, the IT field continues producing products that free up people from grinding gruntwork so they can focus on more important matters.

One area of IT benefiting from a surge of gruntwork-eliminating innovation is the data center.  Classic data center activities such as network monitoring, virtualization, security operations, help desk, and many other tasks are all being significantly automated today by a class of software called IT Process Automation (ITPA).  ITPA takes the routine, repetitive IT tasks that techies secretly despise, and automates them, eliminating wasted time, errors, inconsistency, and costs associated with performing those functions manually.  As a result, freed up technicians are able to finally focus on more complicated back-burnered issues, making much better use of their skill sets, and leaving them feeling far more fulfilled with their jobs.

When I watch seasoned data center veterans with 20-30+ years of experience get their first glimpse of ITPA in action, their sense of amazement rivals my own from seeing a spreadsheet the first time.  Most data center operators have no idea that automation for their domain has become so robust, and yet so easy to use.

I suspect that after all these years, the amazement at computers relieving people of manual, monotonous, drudge work will continue drawing people to this field. IT process automation is the “must have” for today’s data centers, and promises to do for techies what spreadsheets did for financial analysts.

What could IT process automation do for your organization? The best way to find out is to give it a try! Download a free 30 day trial today to get started.


Guy NadiviAbout the Author: Guy Nadivi, the Director of Business Development for Ayehu, has previously authored articles on business and technical topics for media outlets such as Forbes & The Jerusalem Post.

IT Process Automation Survival Guide

Automated Alert Ticket Creation in ServiceNow Made Simple

Many organizations using a network monitoring system like SolarWinds, would like to automate ticket creation in IT Service Management tools such as ServiceNow for the alerts SolarWinds generates from incidents.

There is a simple approach to doing this by just having SolarWinds send an email or via http request with alert information about the incident directly to ServiceNow, which can then automatically create a ticket for that incident.  However, the simplest way of doing things, isn’t always the best way of doing things.

Using an automation tool like eyeShare, which integrates with both SolarWinds and ServiceNow, offers some distinct advantages over taking the email approach, which is purely a one-way communication process, that doesn’t let you do a number of other important things.

For example…

If you use the email approach to generating ServiceNow tickets, you cannot receive a confirmation that it actually worked. When you create a ticket in ServiceNow from a SolarWinds email, you have no way to confirm that ServiceNow even received the email from SolarWinds, much less created a ticket from it in ServiceNow.

However, by using eyeShare’s integration between the two, you can not only confirm that a ticket was created in ServiceNow, but you can also extract the ticket # & the name of the responsible technician assigned to the incident.  This information can then be propagated back to SolarWinds for cross-referencing purposes.

Furthermore, during the ticket creation process, eyeShare’s communication, notification, & escalation capabilities can be leveraged to dynamically assign ticket ownership in ServiceNow to an appropriate technician.

For instance, eyeShare can notify the relevant person to take ownership for a particular ticket via SMS, email,  and instant messaging.  If that person can’t be located within say 60 seconds (or however long is appropriate), eyeShare moves to the next person in the escalation hierarchy, and tries to notify them.  eyeShare can escalate to a specific name, or to whoever is currently on duty, or even to a group of people in order to ensure that no matter what day or time it is, the right person takes ownership for a particular incident.  You can’t do that with the email approach. In addition to that, the email approach does not allow for any data enrichment.

If you use the simple email approach to ticket creation, how do you map information from a SolarWinds alert email to a ServiceNow form?  You can either use complicated scripting, which then negates the simplicity of using the email approach in the first place, or you can stuff all the information into one field on the ServiceNow form.  That’s not exactly the best practice technique, and it neutralizes a big chunk of ServiceNow’s value for storing information about an incident.

With eyeShare integrating SolarWinds & ServiceNow though, you can populate multiple fields on ServiceNow forms accurately, and do so without requiring any scripting.

For example, eyeShare can not only take information about the incident and use that to create a ticket in ServiceNow, but it can also include forensic information like CPU usage, available memory, # of users logged in, etc. and put that on the ServiceNow ticket as well.

Another big drawback to the simple approach of emailing alert information to ServiceNow, is that it gives you no way to first verify that the alert is NOT a false positive, unless (again) you’re willing to start writing some complicated scripts (and now, suddenly the email method isn’t so simple anymore).

With eyeShare however, you can incorporate a verification process into the ticket creation workflow, and confirm that the alert is not a false positive before starting to remediate the incident.  And BTW – you can do that without any scripting too.

When you integrate SolarWinds with ServiceNow, the communications flow is bi-directional.  That not only means that Solarwinds alerts can flow automatically to ServiceNow, but it also means that tickets submitted in ServiceNow can cause a flow of automation to be directed back towards SolarWinds. 

As an example, let’s say that you have a maintenance work of 100’s of servers that need to be patched.  Normally, taking down those servers might trigger an alert storm in SolarWinds.  However, if you submit a ticket in ServiceNow requesting a maintenance activity request for these servers, and that ServiceNow ticket gets approved, eyeShare will see that approved ticket in ServiceNow’s queue and execute a workflow that (among other things), puts those servers on “maintenance mode” in Solarwinds & thus avoids triggering a storm of false alerts.

This comparison contrasts the benefits of using simple emails to automate ticket creation vs. using an automation tool like eyeShare.  The good news however, is that using eyeShare to do what’s described above is actually pretty simple too, thus providing a superior approach to automating ticket creation in ServiceNow.

Not sure where to begin? Simply download your free trial and start putting the power of automation to work for your company

IT Process Automation Survival Guide

Filling Out Your IT Process Automation Wish List

IT Process Automation Wish List

As the holidays approach, many of us are busy making wish lists of all the goodies we’d love to receive from our loved ones. What about your IT wish list? Have you identified areas of your day to day operations where IT process automation could make your job easier, more efficient and more enjoyable? If not, there’s no time like the present. Here are a few tips to help you pull your thoughts together and come up with a comprehensive list to work from.

First, figure out what your goals are, both short and long term. What are some of your organization’s immediate needs and existing capabilities? An example of a short term goal might include the need for enhanced monitoring, reporting or system auditing capabilities. Down the road, the needs may expand to include ticketing and service desk capabilities, or automated backup and recovery. By understanding your areas of need, you can better determine which IT process automation features and/or products would be the best fit.

Once you’ve identified your goals, the next step is mapping out the specific areas where automation would make the most sense, now and in the future. This will help you figure out what your “must-have” features are when you begin evaluating IT process automation solutions. Almost as important as your must-have features are those which are expensive and unnecessary. There’s no point in investing in a product that offers a bunch of stuff you can’t or won’t use.

The next component of your IT process automation wish list involves scalability. How many systems, servers, devices and other endpoints in your enterprise do you need to take into account when evaluating automation tools? The goal is to select a product that offers lightweight computing, database and storage but also has the capability to expand as needed. That way as demands and business needs change, your IT automation will adapt accordingly without the need to replace it frequently.
Another part of this puzzle is future growth and performance. If your IT department currently manages 5,000 devices, but has an action plan to increase that number substantially over the coming months and years, the tool you select for your IT process automation should be able to keep up with the same pace of growth you’re anticipating. A good rule of thumb is 3-5 years.

Lastly, you’ll need to consider which type of tool makes the most sense. For instance, modular tools, also referred to as frameworks, combine modules to accomplish automation goals. These are typically complex and expensive, and as a result, are usually limited to larger enterprises. In comparison, point tools support automation on a more cost-effective approach. Unfortunately, the downside is they don’t tend to integrate well. An automation appliance, on the other hand, is an affordable, prepackaged product that can be quickly set up, integrated and deployed.

Once you’ve got your wish list drawn up, evaluate the options available in terms of meeting your IT process automation needs. Short list your selections and compare. Whenever possible, test out each product prior to making a purchasing decision. This will help you make the best choice for your particular business needs and budget

How can Ayehu make your IT process automation wishes come true? Try our eyeShare product free for 30 days. Click here to download.

IT Process Automation Survival Guide

Why Your SOC and NOC Should Run Together but Separately

The similarities between the role of the Network Operation Center (NOC) and Security Operation Center (SOC) often lead to the mistaken idea that one can easily handle the other’s duties. Furthermore, once a company’s security information and event management system is in place, it can seem pointless to spend money on a SOC. So why can’t the NOC just handle both functions? Why should each work separately but in conjunction with one another? Let’s take a look a few reasons below.

First, their roles are subtly but fundamentally different. While it’s certainly true that both groups are responsible for identifying, investigating, prioritizing and escalating/resolving issues, the types of issues and the impact they have are considerably different. Specifically, the NOC is responsible for handling incidents that affect performance or availability while the SOC handles those incidents that affect the security of information assets. The goal of each is to manage risk, however, the way they accomplish this goal is markedly different.

The NOC’s job is to meet service level agreements (SLAs) and manage incidents in a way that reduces downtime – in other words, a focus on availability and performance. The SOC is measured on their ability to protect intellectual property and sensitive customer data – a focus on security. While both of these things are critically important to the success of an organization, having one handle the other’s duties can spell disaster, mainly because their approaches are so different.

Another reason the NOC and SOC should not be combined is because the skillset required for members of each group is vastly different. A NOC analyst must be proficient in network, application and systems engineering, while SOC analysts require security engineering skills. Furthermore, the very nature of the adversaries that each group battles differs, with the SOC focusing on “intelligent adversaries” and the NOC dealing with naturally occurring system events. These completely different directions result in contrasting solutions which can be extremely difficult for each group to adapt to.

Lastly, the turnover rate in a SOC is much higher than that of a NOC. Perhaps it’s the very nature of the role, but the average employment time for a level 1 SOC analyst is around 2 years or less. Tenure of a NOC analyst is much longer. It only stands to reason, then, that asking a NOC analyst to handle their own duties and also take on those of SOC will likely result in a much higher attrition rate overall.

The best solution is to respect the subtle yet fundamental differences between these two groups and leverage a quality automation product to link the two, allowing them to collaborate for optimum results. The ideal system is one where the NOC has access to the SIEM, so they can work in close collaboration with the SOC and each can complement the other’s duties. The SOC identifies and analyzes issues, then recommends fixes to the NOC, who analyzes the impact those fixes will have on the organization and then modifies and implements accordingly.

eBook: 5 Reasons You Should Automate Cyber Security Incident Response

How Netflix Leverages IT Process Automation to Protect Its Information

How Netflix Leverages Automation to Protect Its InformationWith more than 62 million subscribers worldwide, it’s no wonder digital services company Netflix has to focus on keeping up a fast-paced, secure IT operations environment. The engineers who work for the streaming media organization are faced with the task of deploying code thousands upon thousands of times each and every day. How do they maintain such a high level of output? Well, one thing they’ve come to rely on is IT process automation.

The very nature of Netflix’s industry makes the company and its clientele much more vulnerable to cyber security attacks. And, as many other significant-sized enterprises have learned the hard way over the past decade or so, having a monitoring system in place simply isn’t always enough to achieve optimum protection levels.

What companies like Netflix need is a more comprehensive and closed-loop process that handles potential risks from start to completion. More importantly, these businesses must find a way to achieve this goal while balancing tight budgetary restraints and increasing demands for better, faster service. In other words, they must figure out a way to do more with less while also always maintaining the greatest level of cyber security.

As Netflix has discovered, IT process automation can provide the ideal solution to this need. Jason Chan, cloud security architect for Netflix, knew he and his team were facing a monumental task, particularly given the significant and speedy growth the company has sustained, stating that: “The only realistic way of maintaining security in an environment that grows so rapidly and changes so quickly is to make it automation first.”

Today, Netflix leverages IT process automation to perform and complete a broad spectrum of both routine and complex tasks and workflows.

Whether it’s identifying subscriber accounts that have been compromised or prioritizing and responding to incoming security incidents, automation plays a central role. In fact, the technology has virtually eliminated the need for human interaction (at least on a basic level), thereby reducing error rates while dramatically improving efficiency levels.

The company’s internal cyber-security system continuously monitors the platform for any changes which may indicate a potential breach. From there, the system then automatically determines the level of risk and, if necessary, notifies the appropriate team member that a change has been detected. For serious threats, the right human worker is made aware of the issue in a timely and effective manner so that it can be addressed immediately, thereby mitigating any potential damages.

In some instances, human intervention is completely unnecessary. For example, one monitoring tool Netflix employs can automatically identify a security problem, such as a compromised employee account, and isolate the concern and facilitate the appropriate action plan for dealing with the situation. When a security alert is received, the system goes through a series of workflows to establish precisely what’s happened and how severe the problem may be. If it’s determined that a certain action should be taken, such as disabling a compromised account, the IT process automation tool can execute that task accordingly.

Furthermore, IT process automation provides the added level of protection a digital firm like Netflix (or any business, for that matter) needs in order to prevent potential security breaches. Even without budgetary constraints, most IT departments simply do not have the capacity to handle the volume and complexity of incoming threats. This is when things get missed. Automation, on the other hand, can be the safety net, ensuring that no threat slips by undetected.

Finally, it’s important to mention that IT process automation isn’t meant to replace human workers, but rather – as Mr. Chan points out – to make life easier. “You really need to help get what’s most important in front of people as quickly and easily as possible, so you’re using your human resources as effectively as possible.”

How secure is your business against cyber threats? Could IT process automation be the missing link for you just as it has been with Netflix?

Check out these 5 compelling reasons you should automate your incident response process

eBook: 5 Reasons You Should Automate Cyber Security Incident Response

Leveraging Workload Automation for IT On-Boarding Processes

Leveraging Workload Automation for IT On-Boarding ProcessesOn-boarding is a critical process that all companies must invest in when bringing new employees up to speed. Not only does this process involve introducing the new team member to the organization and its culture, it also sets expectations and helps get the newbie up and running so they can hit the ground  running productively. IT plays a big part in this process, ensuring that each new user is set up in the system and has the appropriate login credentials and access they need to do their job. The good news is, workload automation can provide a solution to this tedious but necessary task.

Imagine a scenario in which a new employee named Jane shows up to work for her first day. She is eager to get started and, after a brief meeting with HR and filling out some necessary paperwork, Jane is shown to her work station and provided with her user ID and password. Unfortunately, when she attempts to log on and begin her training, the credentials she was given aren’t working. She is forced to call the help desk to request assistance.

When Jane places her call to IT, she gets Brian, a highly skilled but overworked individual who is already in the midst of assisting accounting with a serious system problem. Because the IT department is understaffed, Brian has no choice but to tell Jane he will get back to her once he’s finished with what he’s currently working on. By the time he finally does, it’s already lunch time and Jane has missed out on several hours of mandatory training.

These types of scenarios are happening in offices all across the world on a daily basis. And when things like provisioning new accounts are handled manually, not only is it a huge waste of time, but it’s also incredibly error-prone. When Brian finally had the time to go over Jane’s issue, he discovered that he’d actually set her account up wrong and had to go back and fix the problem before she could successfully access the network. This mistake caused a significant waste of time for both parties.

Enter workload automation. When these routine on-boarding tasks are automated, not only does it save time, but it greatly reduces the number of errors that occur with manual processing. Had the provisioning process been handled via a workload automation tool, Jane would have been able to get right to work as soon as she arrived at her desk. Meanwhile, Brian would have been freed up to focus on other more important issues that require human input.

Looking further at this sample scenario, instead of having to set up each account individually, Brian could have relied on a templated workflow. As soon as HR added Jane to the company database, the on-boarding process would have automatically been triggered without the need for Brian to intervene. Furthermore, IT could also leverage workload automation for additional processes, such as adding new users to payroll or provisioning servers.

Beyond the initial on-boarding process, workload automation can be used to automatically add, delete or modify user attributes. This can provide support throughout an employee’s entire life-cycle with the organization. For example, if a worker receives a promotion, a workflow can be executed to automatically modify that user’s account, access and security settings. It can also handle self-service change requests, such as password resets.

On-boarding is a process that every organization must invest in if they are to bring new employees up to speed quickly and efficiently and get them to maximum productivity. With workload automation, this process can be significantly enhanced, improving internal operations and creating a much better experience for everyone involved.

Want to learn more about leveraging workload automation for your on-boarding activities? Contact us today or click here to download a free 30 day trial.

eBook: 10 time consuming tasks you should automate

Why You Should Also Automate Your NOC Incident Response

NOCRecently, we shared some compelling reasons why incident management should be the next process you automate. Today, we’d like to take it a step further and offer some insight as to why NOC incident response is also a critical process that can benefit greatly from automation.

These days, many larger organizations employ their own network operations center, or NOC, to help monitor and manage any incidents that may occur across the infrastructure. The NOC team is responsible for making sure systems are running smoothly so that production and efficiency can remain high. The way they achieve this goal is through incident management and response.

When a situation arises, such as a service interruption or some other significant incident, the NOC receives word via their monitoring system. Once they’ve identified an issue, they must initiate an incident response, which will in turn notify the appropriate parties, providing the necessary information so they can begin working to resolve the problem.

Critical issues must be addressed quickly, as any down time can have a tremendous negative impact on the organization, from lower revenue to lost customers. This puts a lot of pressure on NOC managers to handle any and all incidents with the utmost attention given to quality and turnaround time. The problem comes into play when businesses are still relying on antiquated systems to manage their incident response processes. The result is a huge margin for error and unnecessary delay.

Enter IT process automation. This allows NOC managers to pre-define notification and escalation procedures across multiple shifts and various roles. When incident response is automated, it guarantees that not only will critical alerts reach the right parties, but that they will also be received and handled in the most timely and efficient manner. The element of human error is eliminated, thereby improving the entire process.

IT automation can also add a level of sophistication to the incident response process. With the right automation tool, incidents can be managed remotely from anywhere. Human decisions can also be factored into the procedures as needed, with workflows proceeding as defined and pausing to allow key decision makers to provide instruction and input before continuing on to automated completion. Furthermore, a quality automation solution will also provide full transparency throughout the entire incident management process. This ensures that every critical incident is handled just as it should be.

The ultimate goal of any NOC is to reduce downtime as much as possible. Automating incident response can help cut incident recovery time by up to 90% – a feat that would be nearly impossible without the right technology in your corner. This helps to reduce the impact of system outages and other critical issues, ensuring business resilience and maximizing ROI.

With that said, if your NOC isn’t yet leveraging the power of automation to help optimize your incident response process, your organization is most certainly missing out. The good news is it’s never too late to start!

eBook: 5 Reasons You Should Automate Cyber Security Incident Response

Why it’s So Important to Have an Incident Response Plan in Place

It's Time to automate!We recently touched on one of the latest big security breaches, which occurred when retail giant Target failed to properly handle an incoming cyber security threat. That one costly mistake cost millions of Target customers their privacy and brought global consumer trust to an all-time low. Now, another serious security breach has occurred, hitting 200 hospitals in the US and compromising the confidential data of 4.5 million patients. So what can you do to prevent your organization from becoming the next target of online hackers? Simple. Develop and implement a quality incident response plan. Here’s how.

Incidents are basically our first indication that a problem has presented itself. They’re often precursors to a much more serious disaster. So, if they’re not handled properly, the results can be catastrophic (just ask Target executives). When an incident occurs, it means something out of the “norm” has happened. The next step should be analyzing and prioritizing that incident so that the next appropriate course of action can be taken to address the problem, if necessary.

In terms of its severity, an incident can generally be defined as any event that, if unaddressed, may lead to a business interruption or loss. For instance, a virus getting introduced into your network starts as an incident. If not properly handled, however, that virus can cause irreparable damage. Upon further investigation, it turned out that the reason for the Target debacle was not so much that hackers got into the system, but that IT did not respond to the initial incident as they should have. The result was the disaster we all heard about on the news.

To avoid all of this, an incident response plan should be developed that includes the following actions:
  • Have a quality monitoring system in place
  • Identify the potential incident
  • Respond to the incident in a timely manner
  • Assess the situation, analyzing the severity of the incident
  • Notify the appropriate parties about the incident
  • Take appropriate measures to protect sensitive data and minimize impact
  • Organize, prioritize and escalate the incident response activities accordingly
  • Prepare for adequate business recovery support in the wake of any damage caused in the interim
  • Review process, making necessary adjustments, to prevent future similar incidents and improve the way they’re handled

In our recent article, we also discussed how IT process automation can help streamline the incident response process. First, you can integrate your automation tool with your monitoring system. That way, all incoming alerts will be handled according to the predefined workflow and serious issues don’t get missed.

Not only does automation help to ensure that critical incidents are identified, communicated, escalated and addressed in the timeliest manner possible, but it can also help identify potential risks by recognizing when something occurs that is out of the “norm” for business processes. This allows you to proactively intervene and hopefully prevent any issues from occurring in the first place.

An incident response plan is something that every organization should have in place. Don’t risk becoming the next business that appears on the news for a breach of confidential information. Get your IRP in place today, and optimize it with automation to proactively protect your business against dangerous cyber-attacks, both now and in the future.

eBook: 5 Reasons You Should Automate Cyber Security Incident Response

Ayehu Automation Software Makes Gartner’s List of Security Operations, Analytics and Reporting Solutions

Ayehu Security Incident Response Automation Software Mentioned in Latest Gartner Research ReportAyehu Software Technologies Ltd., leading provider of enterprise-grade IT process automation software solutions is pleased to announce its inclusion in the latest report from respected IT research firm Gartner (#3166239). In this most recent publication, Ayehu was listed as a trusted provider of automation for security operations, analytics and reporting (SOAR) needs.

The 15 page report, entitled Innovation Tech Insight for Security Operations, Analytics and Reporting, examines how SOAR technologies go hand in hand with workflow management and automation. When strategically aligned, these two critical business areas will provide security operations teams with the ability to prioritize and automate much of their day to day activities, as well as collect, compile and report relevant data to enable better business decision making.

Some of the key takeaways of the report include identification of the three primary types of SOAR technology (security incident response, security operations automation and threat/vulnerability management) as well as how SOAR works in conjunction with vulnerability assessment (VA), governance, risk and compliance (GRC), security information and event management (SIEM) and user/entity behavior analytics (UEBA).

Furthermore, the Gartner report sheds light on the fact that few individual SOAR solutions are capable of effectively addressing the entire security operations management (SOM) life cycle. To combat this, the research firm recommends that security operations teams use available technologies to assess risk and vulnerability, prioritize operational activities, automate and enforce response and remediation workflows and more. Among the list of security automation software vendors is Ayehu’s eyeShare product.

“Gartner is certainly one of, if not the most respected authorities in the realm of IT research and reporting,” comments Gabby Nizri, Co-Founder and CEO of Ayehu, Inc. “Once again, we are truly honored to be recognized for our dedication and commitment to the IT automation industry. More importantly, we hope this report will help security operations teams to better arm themselves against the many threats that are out there so they can keep their organizations safe.”

About Gartner

Gartner, Inc. is the world’s leading information technology research and advisory company. They specialize in conducting, compiling and delivering technology-related insight to help IT professionals  and business leaders make sound decisions. Gartner is headquartered in Stamford, CT and currently employs 6,600 associates, including more than 1,500 consultants, research analysts and clients in 85 countries. For more information, please visit www.gartner.com.

About Ayehu

Ayehu provides IT Process Automation solutions for IT & Security professionals to identify and resolve critical incidents, simplify complex workflows, and maintain greater control over IT infrastructure through automation. Ayehu solutions have been deployed by major enterprises worldwide, and currently support thousands of IT processes across the globe. The company has offices in New York and Tel Aviv, Israel. For more information please visit www.ayehu.com

eBook: 5 Reasons You Should Automate Cyber Security Incident Response