
Pandemic-Proof Your Service Desk with Automation for MS-Teams

Author: Guy Nadivi

I’m going to assume that just about everyone reading this blog post is affected by the global COVID-19 pandemic. As of April 7th, 2020, the New York Times reported that at least 316 million Americans — about 95% of the country — have been told to stay home for at least the next few weeks, and likely longer. That’s forced a lot of organizations to very rapidly change the way they work, and especially for IT, the way they deliver services to an organization’s end users, customers, and partners.

One platform being chosen increasingly often to deliver those services is Microsoft Teams. When you add automation to MS-Teams, you can create a pandemic-proof way to empower your end users and others with self-service, effectively turning MS-Teams into a virtual service desk operator that’s available 24x7x365.

Adding a virtual service desk operator should be high on the list of priorities for IT Operations teams these days, because anecdotal evidence suggests that since the start of the COVID-19 pandemic, their workloads have mostly gone up, and in many cases, way up.

One thing likely to have caused workloads to spike upwards, of course, is the recent & very rapid switchover to remote working.

Numerous government & health officials have encouraged organizations to let their employees work from home, wherever possible, as a way of minimizing community transmission of the Coronavirus.

This created a new reality for those workers, because now that they’re working from home, they can’t just walk over to the help desk cubicle to make a casual request. They might not be able to do it by phone either because the help desk staff is also working from home, and they’re pretty busy right now just trying to maintain the status quo at most organizations.

Maintaining the status quo on its own is a pretty onerous task.

Ayehu’s customers, partners, and prospects have been telling us that IT Operations is already inundated with things like:

  • Application Issues
  • System Alerts
  • Outages
  • And of course the ever popular Password Resets

This represents just a fraction of the many incidents, requests, & projects that IT Operations is responsible for.

Now, thanks to the COVID-19 pandemic, on top of all that, IT has been tasked with this massive emergency project to start supporting most if not all people working remotely. It’s an absolute tsunami of work, and it’s further overwhelming IT Operations staff.

I think everyone can agree that this massive transition to remote working can be categorized as “unplanned work” for just about every IT Operations team.

It just so happens that last month, PagerDuty conducted a survey about the impact of unplanned work on IT Professionals. I’d like to draw your attention to a couple of the results in particular.

Nearly 1/3 of respondents, 31%, said they “considered leaving a job due to too much unplanned work”. That should be pretty startling to anyone in IT management, especially right now, because if 1/3 of your team is thinking about leaving due to unplanned work, what will that do to your IT operation?

This isn’t a hypothetical scenario either, because as it turns out, 21%, over one-fifth, responded that they actually have left a job due to too much unplanned work! So again, ask yourself what would happen to your SLAs, ticket queues, etc. if one-fifth of your IT professionals just got up & walked out? I’m guessing it would drastically complicate things even more than they already are.

During this pandemic, many of you have no doubt heard the term “Flattening The Curve”, which refers to slowing, not stopping, the number of sick people who have to go to the hospital for treatment. Flattening the Curve is all about minimizing the number of cases that doctors, nurses, & hospitals have to deal with simultaneously so that the healthcare system doesn’t collapse.

And flattening the curve, of course, is one of the main reasons so many organizations are justifying sending people home to work remotely.

Flattening the Curve for the Healthcare System

But how about “Flattening the Surge” for IT professionals so that service desks & other operational teams don’t buckle under the strain?

Just like the healthcare system, IT Operations has a capacity threshold too. If the number of daily incidents, requests, etc. comes in too high & too fast, IT Operations might collapse. Remember what PagerDuty’s survey said your IT staff might do because of too much unplanned work?

The way to avoid that disaster, the way to pandemic-proof your service desk, is with automation for MS-Teams.

Flattening the Surge for IT Operations

Thanks to COVID-19 causing so many people to work remotely, the NATURE of work is changing. That change will almost certainly carry over once the pandemic ends, and the all-clear signal has been given.

I want to share with you what work might look like post-pandemic from the perspective of Jared Spataro, Microsoft’s Corporate Vice President for Microsoft 365. He recently said:

“It’s clear to me there will be a new normal… We don’t see people going back to work and having it be all the same. There are different restrictions to society, there are new patterns in the way people work. There are societies that are thinking of A days and B days of who gets to go into the office and who works remote.”

So he believes there’s going to be a new normal, and that new normal involves a lot more remote work for people who, pre-pandemic, found themselves exclusively in corporate office environments.

One of the products Jared Spataro is responsible for is Microsoft Teams, and the market that MS-Teams is in is called Unified Communications. More recently that space has been referred to by Gartner as the Workstream Collaboration market.

According to Statista, Microsoft’s market share in the Workstream Collaboration space has been growing very steadily, but on March 5th, 2020, things took a dramatic turn. On that day, Jared Spataro, who we just heard from, announced that in response to the COVID-19 pandemic, Microsoft Teams would be made available to everyone FOR FREE as of March 10th, even if you didn’t have an Office 365 license!

What happened next was truly stunning. The worldwide number of daily active users for Microsoft Teams exploded from 32 million to 44 million very quickly. An increase of 12 million users, about a 37% jump in basically a matter of days.

That definitely caught the attention of Slack, their top competitor. Slack’s TOTAL WORLDWIDE user base is 12 million users! So with their announcement, Microsoft effectively added the equivalent of 1 Slack user base to their own.

Now just to be clear, here at Ayehu we love Slack. It was the first platform we built chatbots for, and we’ll continue building chatbots that enable automation for Slack because it’s a great platform. But when it comes to market share going forward, the writing’s on the wall, and at least in the near-term, this market is probably going to be dominated by Microsoft Teams.

The great news about that is that Microsoft Teams, like other chatbots, can help flatten the surge for IT professionals by diverting calls or tickets or work away from the Service Desk, and shifting that load to end-users for self-service. Combining Microsoft Teams with automation can do more than reduce work volume though, it can also slash MTTR by accelerating resolutions of incidents & requests, liberate IT staff from doing tedious work & free them up for more important tasks, raise customer satisfaction ratings (an increasingly critical KPI for IT Operations), and last but not least reduce costs.

Let’s drill down a bit deeper on that last value proposition, specifically as it’s often measured by service desks – Cost Per Ticket.

There’s a general industry figure out there, published by Jeff Rumburg of MetricNet, an IT research & advisory practice, that the average cost of an L1 service desk ticket is $20.

However, if you turn any given service request into a self-help or self-service function with a chatbot like MS-Teams, you can drive that cost down by 80% to just $4 per L1 ticket. 80%!

If you’re a CIO, CTO, or any senior IT Executive, and someone tells you there’s a way to reduce your single biggest expenditure on IT Support by 80%, without reducing service effectiveness (in fact, possibly speeding it up), wouldn’t you want to learn more?

If you’re interested in test driving Ayehu NG with all its cool new features & ability to add automation to MS-Teams, download your very own free 30-day full-version trial today.

Why You Should Also Automate Your NOC Incident Response

Recently, we shared some compelling reasons why incident management should be the next process you automate. Today, we’d like to take it a step further and offer some insight as to why NOC incident response is also a critical process that can benefit greatly from automation.

These days, many larger organizations employ their own network operations center, or NOC, to help monitor and manage any incidents that may occur across the infrastructure. The NOC team is responsible for making sure systems are running smoothly so that production and efficiency can remain high. The way they achieve this goal is through incident management and response.

When a situation arises, such as a service interruption or some other significant incident, the NOC receives word via their monitoring system. Once they’ve identified an issue, they must initiate an incident response, which will in turn notify the appropriate parties, providing the necessary information so they can begin working to resolve the problem.

Critical issues must be addressed quickly, as any down time can have a tremendous negative impact on the organization, from lower revenue to lost customers. This puts a lot of pressure on NOC managers to handle any and all incidents with the utmost attention given to quality and turnaround time. The problem comes into play when businesses are still relying on antiquated systems to manage their incident response processes. The result is a huge margin for error and unnecessary delay.

Enter IT process automation. This allows NOC managers to pre-define notification and escalation procedures across multiple shifts and various roles. When incident response is automated, it guarantees that not only will critical alerts reach the right parties, but that they will also be received and handled in the most timely and efficient manner. The element of human error is eliminated, thereby improving the entire process.

IT automation can also add a level of sophistication to the incident response process. With the right automation tool, incidents can be managed remotely from anywhere. Human decisions can also be factored into the procedures as needed, with workflows proceeding as defined and pausing to allow key decision makers to provide instruction and input before continuing on to automated completion. Furthermore, a quality automation solution will also provide full transparency throughout the entire incident management process. This ensures that every critical incident is handled just as it should be.

The ultimate goal of any NOC is to reduce downtime as much as possible. Automating incident response can help cut incident recovery time by up to 90% – a feat that would be nearly impossible without the right technology in your corner. This helps to reduce the impact of system outages and other critical issues, ensuring business resilience and maximizing ROI.

With that said, if your NOC isn’t yet leveraging the power of automation to help optimize your incident response process, your organization is most certainly missing out. The good news is it’s never too late to start!





eBook: 5 Reasons You Should Automate Cyber Security Incident Response




Why it’s So Important to Have an Incident Response Plan in Place

We recently touched on one of the latest big security breaches, which occurred when retail giant Target failed to properly handle an incoming cyber security threat. That one costly mistake cost millions of Target customers their privacy and brought global consumer trust to an all-time low. Now, another serious security breach has occurred, hitting 200 hospitals in the US and compromising the confidential data of 4.5 million patients. So what can you do to prevent your organization from becoming the next target of online hackers? Simple. Develop and implement a quality incident response plan. Here’s how.

Incidents are basically our first indication that a problem has presented itself. They’re often precursors to a much more serious disaster. So, if they’re not handled properly, the results can be catastrophic (just ask Target executives). When an incident occurs, it means something out of the “norm” has happened. The next step should be analyzing and prioritizing that incident so that the next appropriate course of action can be taken to address the problem, if necessary.

In terms of its severity, an incident can generally be defined as any event that, if unaddressed, may lead to a business interruption or loss. For instance, a virus getting introduced into your network starts as an incident. If not properly handled, however, that virus can cause irreparable damage. Upon further investigation, it turned out that the reason for the Target debacle was not so much that hackers got into the system, but that IT did not respond to the initial incident as they should have. The result was the disaster we all heard about on the news.

To avoid all of this, an incident response plan should be developed that includes the following actions:
  • Have a quality monitoring system in place
  • Identify the potential incident
  • Respond to the incident in a timely manner
  • Assess the situation, analyzing the severity of the incident
  • Notify the appropriate parties about the incident
  • Take appropriate measures to protect sensitive data and minimize impact
  • Organize, prioritize and escalate the incident response activities accordingly
  • Prepare for adequate business recovery support in the wake of any damage caused in the interim
  • Review process, making necessary adjustments, to prevent future similar incidents and improve the way they’re handled

In our recent article, we also discussed how IT process automation can help streamline the incident response process. First, you can integrate your automation tool with your monitoring system. That way, all incoming alerts will be handled according to the predefined workflow and serious issues don’t get missed.

Not only does automation help to ensure that critical incidents are identified, communicated, escalated and addressed in the timeliest manner possible, but it can also help identify potential risks by recognizing when something occurs that is out of the “norm” for business processes. This allows you to proactively intervene and hopefully prevent any issues from occurring in the first place.

An incident response plan is something that every organization should have in place. Don’t risk becoming the next business that appears on the news for a breach of confidential information. Get your IRP in place today, and optimize it with automation to proactively protect your business against dangerous cyber-attacks, both now and in the future.








How IT Automation Can Streamline Security Incident Response

How IT Process Automation Can Help Streamline Security Incident Response

By now, the entire world knows how utterly disastrous security breaches can be for large corporations (just as we discussed about retail giant Target).  Upon further inspection, it became clear that the reason for this most recent blunder was not so much that the store’s IT team deliberately looked the other way or dropped the ball on their duties. They, like so many other IT security professionals, were simply so overwhelmed with incoming alerts that they made a poor choice. So how can other corporations learn from Target’s mistake? Simple. Automate Security Incident Response.

A recent study conducted by threat detection solution provider Damballa, Inc. revealed that on any given day, a typical company can field up to 10,000 incoming security alerts. Some of the bigger organizations can see several times that many notifications – upwards of 150,000 per day. When faced with numbers that big, it’s easy to understand how overwhelmed IT groups can become. Even with a larger team, fielding that many notifications effectively is simply not possible.

Survey respondents gave resounding approval to the idea of using automation to help ease the burden and improve security incident response ability and turnaround. In fact, 100% of security professionals polled agreed that “automating manual processes is key to meeting future security challenges.” Enter the increasing role of security incident and event management (SIEM) products, which capture the important incoming data to be reviewed and investigated by security personnel. While this technology has certainly come a long way over the past decade or so, making it more flexible and scalable, it is still not proving to be enough to really combat the “big picture” problem.

One of the biggest issues with relying on security incident response and event management products alone is the lingering problem of false positives, which can bog down the security team and increase the likelihood of a real incident slipping through the cracks. The real solution is to marry SIEM with automated security incident response software. Combining these two together creates a more comprehensive and airtight approach to managing the influx of incoming alerts while weeding out false positives to focus on only those incidents that truly warrant attention.

To get the most out of security incident response and event management products, integration with automation is essential. This will help to not only manage incoming alerts more effectively, but also streamline security incident response and investigation workflows after the fact. The result is an increased level of intelligence for security personnel, and a much safer IT environment for the entire organization. Doing this successfully can also dramatically improve operational efficiency. Instead of the average of 90 days it takes to manually discover a security breach and the subsequent 4+ months to resolve it, automated incident recovery can be reduced down to just one day. This could potentially save an organization an average of 8,633 man-days each year.

What would your company do with that many extra man-days?

Find out today how easy it is to integrate your security incident response and event management products with IT process automation for enhanced incident management.









How The Internet of Things will Complicate Incident Response

By most accounts, the concept of the Internet of Things (or IoT for short) is being regarded in a positive light. After all, connecting our day to day activities with smart devices will likely make our lives easier, right? There is, however, at least one area for which the IoT will likely cause some issues, at least at first. That is, incident response. Let’s take a look at how the two will work together and how some of the inevitable challenges can be overcome.

The main reason why the IoT is poised to complicate the job of IT professionals everywhere is really quite simple: security. With increased connectivity and more widespread use of cloud technology comes increased risk of cyber-attacks. This is made even more challenging as organizations begin to adopt Bring Your Own Device (BYOD) policies. Then, not only will IT be responsible for making sure internal infrastructures are kept safe, but a host of external devices as well.

All this being said, there are certain adaptations that can be made to existing incident response plans that will account for the impact of the IoT:

Changing Regulations – Regardless of industry, there will be certain changes to regulations that will be designed to protect sensitive data from security risks. This is especially the case in fields such as health care, which is already heavily regulated by HIPAA. Incident response plans will need to be modified to remain in compliance with these changes in order to avoid being targeted and penalized.

Prioritization of Critical Systems – More widespread connectivity will mean a more enhanced prioritization of which systems are most critical to the organization. For instance, while one desktop or printer failing may not significantly impact operations, shutting down an entire infrastructure can be nothing short of devastating.

A Group Effort – Where incident response used to be solely the responsibility of IT personnel, the IoT may change this to some degree. Given the fact that so many additional devices will be present, IR will need to be more of a group effort, involving everyone from HR to legal. To that end, IT leaders will need to clearly define each department’s role, setting expectations and effectively communicating requirements.

The Right Tools – An evolving incident response strategy must be established upon a solid foundation of technology. Quality tools, like automation, can help streamline the process and provide the agility to adapt to the changing landscape of IT.

There’s no question that the IoT is poised to take the business world by storm. At the same time, security breaches are becoming more frequent and complex. To ensure ongoing protection, IT professionals must find a way to adapt their procedures to include the changes that are already happening as well as those that are certain to come in the not-so-distant future.

Is your incident response plan strong enough to survive the IoT wave? Get started today!









How to Create an Effective Incident Response Plan to Avoid Cyber Security Attacks

There are two common reasons why many organizations today are still failing to properly prepare for possible cyber-attacks. Some companies believe that the incident response plan they already have in place is sufficient to handle threats, while others mistakenly believe they are not at risk of such an attack. Yet, with all the recent online breaches, it’s never been more evident that every business must evaluate their current strategy and prepare for the inevitable because everyone is at risk. That said, here are a few tips for establishing a highly effective incident response plan that will keep your organization protected from would-be online attacks.

First, evaluate and test your existing incident response protocol. It’s important to not only have a strategy in place but to also check it regularly to ensure that it’s working as it should be. Simulation exercises should be conducted on a regular basis, not only to assess the quality of the incident response plan, but to keep personnel prepared for what steps are necessary to address incoming threats and, if needed, bring systems back online.

An analysis of existing strategies should also include a check of whether the right tools are being leveraged to simplify, consolidate and streamline the incident response process. One of the most common issues behind successful security breaches is the fact that IT personnel simply do not have the bandwidth to be able to field the volume of incoming threats. This is how incidents slip in under the radar and wreak havoc. Adding automation into the process can eliminate this problem by allowing technology to identify, validate and prioritize all incoming threats.

Whether your organization happens to have a plan in place that is inadequate or you’ve really not taken any measures to develop such a plan, the key is first recognizing the risk and ensuring that your systems and strategies are fully tested and properly planned. Additionally, personnel must be brought up to speed and well-versed in situational response. The hurdles of cost and lack of resources can easily be overcome by employing cost-conscious solutions, like integrating an ITPA tool with existing systems to enhance and extend their effectiveness. A combination of technology and training should do the trick.

The fact is, cyber-attacks can happen at any time and to any business in any industry. How quickly and fully your organization can recover from such an attack is directly proportionate to the quality of the incident response plan you have in place. By applying the principles outlined above, you can proactively manage incoming threats and handle incidents in a timely manner, thereby keeping your company’s sensitive data safe from imminent harm.

Is your incident response plan strong enough to keep your data secure?

Could the added benefit of automation improve and enhance its effectiveness? More importantly, can your organization afford to remain vulnerable to dangerous and costly cyber-attacks? Give our robust IT Process Automation tool a try free for 30 days and start protecting your business today.









10 Ways to Reduce Cyber Security Threats with Automation

In today’s day and age, especially given recent events, concern about cyber security is at an all-time high. Businesses, consumers and employees all want to be certain that their sensitive information remains safe and secure at all times. Just consider the recent security breach that occurred with major retailer Target, through which the sensitive financial information of millions of people was compromised by a hacker. So, how can you be sure that the confidential data your organization is responsible for will remain safe from a potential cyber threat? Simple: through Automation. Here’s how.

You probably already have some type of security information and event management (SIEM) system in place, which is designed to protect sensitive data from being accessed by unauthorized parties. The right IT process automation software can essentially integrate with that existing system to both enhance and extend its capabilities. The result is a closed-loop automated process that helps to identify security incidents the moment they occur so they can be addressed immediately. Furthermore, because this is no longer done manually, operational efficiency will improve as an added bonus.

The way it works is simple. Security threats are identified right away so they can be evaluated to determine their level of importance. With the right product, this part of the workflow can incorporate human decision making. The security analyst can review all detected threats, verify their severity and then determine the next step in addressing each one. IT Process Automation is then reinitiated and the workflow can continue instantaneously. The appropriate tasks can be executed over either physical, virtual or cloud environments. IT process automation can monitor security threats both on a case by case basis and via routine scheduled scans to proactively identify and prevent security vulnerabilities.

There are 10 distinct ways that IT Process Automation can help businesses reduce cyber security threats, as follows:
  1. Capture SIEM system security events and automatically execute specified procedures to extract additional information, manage incident resolution and communicate with relevant personnel as needed to solve more complex events.
  2. Capture antivirus system alerts and execute policies to prevent intrusions and the spread of viruses and other dangerous external threats.
  3. Monitor the availability and functioning of internal security systems.
  4. Remotely disconnect any unauthorized devices and/or computers from the network instantly via email or SMS.
  5. Remotely disable/lock access for hostile users immediately via email or SMS.
  6. Conduct remote, on-demand checks of users who are currently logged in to a certain workstation, using either email or SMS.
  7. Generate daily reports of Active Directory (AD) locked users.
  8. Generate daily reports of AD users that haven’t logged in to the domain during or within certain timeframes.
  9. Generate reports of AD users whose passwords are about to expire within the next few days, as well as send alerts via email/SMS.
  10. Enable/disable user logins within certain time frames to maintain better control over remote user connections.

These days, cyber threats are everywhere and businesses of every size and industry must be aware of the dangers, and take proactive measures to protect the sensitive data that they are in possession of.

By integrating IT automation with your SIEM solution, you can more effectively achieve this goal and provide an added level of protection to your sensitive information.









Top 10 Cyber Security Trends for 2015

The topic of cyber security is a hot one these days, and poised to remain that way for the foreseeable future.

With online security threats becoming much more sophisticated, businesses of every shape, size and industry are finding themselves in a position to spend time, money and resources to keep sensitive data safe. One of the most effective ways to do so is to remain abreast of what’s happening within the cyber security sphere so you can stay ahead of the game. That said, let’s take a look at the top 10 trends expected to affect this area over the coming months.

1. Shift to More Holistic and Flexible Strategies – With the level, intensity and type of threats changing on an almost daily basis, IT professionals will need to adapt to address these changes. A robust, automated system for monitoring and managing incidents will be required.

2. Integration vs. Single Solutions – There will be no one-size-fits-all approach to handling cyber-attacks. To the contrary, various technologies and systems will need to seamlessly work together to achieve the greatest level of protection. The key will be to find solutions that offer comprehensive integration while also providing out-of-the-box, user-friendly features.

3. Surge in Regulatory and Compliance Requirements – With the increase in security threats, we will also see a rise in the regulations surrounding compliance, particularly within the Government, Retail, Banking and Commodities sectors. These regulations will differ by country and will be based on industry best practices.

4. Rise of Mobile Malware – Cyber-attacks will no longer be confined solely to traditional servers and other equipment. Malware is now being aimed at mobile devices, including smartphones and tablets. This remains a significant concern, both for consumers and for businesses, which will need to develop strategies to address this growing problem. This will be particularly high on the list of priorities for the banking and retail industries as well as those organizations who’ve adopted a BYOD policy.

5. Automated Incident Detection – Online security is a 24/7/365 job. In lieu of hiring round-the-clock staff or requiring your IT personnel to remain constantly on-call, automation will become even more widely adopted across the globe. Incidents can be immediately detected, analyzed and prioritized, and the appropriate staff can be notified accordingly for a much more efficient and effective process.

6. Automated Incident Response – Along with the automation of incoming alerts, the response process will also be an area that IT Process Automation can be more effectively leveraged. By integrating a sophisticated ITPA product with the incident management strategy and creating a closed-loop process, the impact of any successful cyber-attacks can be significantly minimized while mean time to resolution (MTTR) can be dramatically improved.

7. Focus on Protecting Embedded Platforms – Platforms such as telecom infrastructure, hand-held devices and POS terminals have been exposed as targets for cyber criminals, as evidenced in the recent attacks in the retail and oil/gas sectors. Stronger security strategies will need to be developed and implemented to account for this added risk.

8. Increased Automation of Security Governance, Risk and Compliance (GRC) – Not only will enterprises need to continue to adhere to various regulatory and compliance standards, but there will also be a pressing need to maintain a level of flexibility and sustainability in doing so. In order to effectively manage audit requirements, more and more organizations will begin to adopt automated solutions.

9. Shift from Awareness to Best Practices – The previous strategy of simply raising employee awareness of information security will no longer be sufficient. Instead, organizations must focus their efforts on employee training and implementation of “best practices” to ensure proper risk-based behavior.

10. Proactive vs. Reactive Approach – With the trend toward automation leading the way for incident management and response, there will be a natural shift toward a more proactive approach to cyber security. Whether the adopted model is internal, outsourced or a hybrid of both will vary by organization based on industry, location, cost, level of risk and a number of other unique factors, but all will need to adapt accordingly.

While each of these trends comes with its own set of circumstances, the one common thread that ties most of them together is the growing importance of IT process automation in keeping critical information safe from cyber-attacks.

Is your business protected? If not, the time is now. Download your free trial today and help your organization stay ahead of the game over the coming months and years.

eBook: 5 Reasons You Should Automate Cyber Security Incident Response




Minimizing Mean Time to Resolution (MTTR) with IT Process Automation

Any seasoned IT professional will tell you that one of the biggest challenges they face in their day-to-day job is reducing mean time to resolution (MTTR), or the amount of time it takes to get key systems back up and running after an incident. Downtime in any industry can have a significant impact on both internal operations and external service levels. And the longer it takes to get things resolved, the worse the problems can become. IT process automation can make minimizing MTTR even easier and more effective.

Managing mean time to resolution involves 4 main steps:

  • Identifying the problem
  • Uncovering the root cause of the problem
  • Correcting the problem
  • Testing to verify that the problem has successfully been resolved

How quickly you can achieve the first step will ultimately depend on the quality of the monitoring system you have in place. A basic system can only get you so far and leaves a lot of room for costly error. Depending on how many incoming alerts your organization fields, staying on top of them can be too much for a small IT department. That means serious issues could slip through the cracks and cause major problems down the road. Enhancing your system with IT Process Automation can create a highly effective, closed-loop solution, ensuring that all critical incidents requiring attention are received and prioritized accordingly.

Once an incident is identified, the next step is determining its root cause. This is the costliest part of the MTTR equation because it takes time, resources and manpower. Obviously, the more serious the issue, the more quickly it needs to be addressed. This may require “all hands on deck” to help uncover the cause so it can be corrected. It’s also important that there is visibility and accountability at all times throughout the process. Who is handling the problem? What steps have been taken so far to get to the bottom of it? Has anything been missed? Again, automation can offer this by providing real-time status of incidents, ownership, severity and priority in one central dashboard.

As soon as the problem has been properly diagnosed, the third step is taking the necessary actions to resolve it as quickly and effectively as possible. With most incidents, time is of the essence, so developing a solution is critical. One of the biggest benefits of integrating automation into your incident management process is that it can actually predict Mean Time to Resolution based on historic events. This can provide a guideline for the resolution process and alleviate some of the stress that naturally arises during downtime. The IT team will be able to work quickly and efficiently to implement a solution that will get systems back up and running fast, limiting the negative effects on the company.

The final step in the MTTR process is testing to ensure that the problem is, indeed, resolved. It’s also important to assess each process to identify areas that can be improved. Being proactive can help to understand the best way to deal with similar incidents and can even help to avoid them completely.
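The following is an added example, not part of the original post or of any vendor product. It times the four steps from incident records and derives a resolution estimate from history; the record layout, the sample data and the use of the median as the estimate are all assumptions made for illustration.

```python
from datetime import datetime
from statistics import mean, median

PHASES = ("identify", "diagnose", "correct", "verify")

# Constructed sample records (not real data): severity, the time the fault
# began, then the time each of the four steps completed.
INCIDENTS = [
    ("critical", "2020-03-02 09:00", "2020-03-02 09:05", "2020-03-02 09:50", "2020-03-02 10:10", "2020-03-02 10:20"),
    ("critical", "2020-03-05 14:00", "2020-03-05 14:02", "2020-03-05 15:02", "2020-03-05 15:17", "2020-03-05 15:22"),
    ("critical", "2020-03-10 23:30", "2020-03-10 23:40", "2020-03-11 00:25", "2020-03-11 00:40", "2020-03-11 00:50"),
    ("high",     "2020-03-03 10:00", "2020-03-03 10:15", "2020-03-03 11:45", "2020-03-03 12:15", "2020-03-03 12:30"),
    ("high",     "2020-03-08 08:00", "2020-03-08 08:10", "2020-03-08 09:10", "2020-03-08 09:40", "2020-03-08 09:50"),
]

def phase_minutes(record):
    """Minutes spent in each of the four steps for one incident."""
    stamps = [datetime.strptime(s, "%Y-%m-%d %H:%M") for s in record[1:]]
    if stamps != sorted(stamps):
        # A step that "finished" before the previous one indicates bad data.
        raise ValueError(f"timestamps out of order: {record}")
    return {p: (b - a).total_seconds() / 60 for p, a, b in zip(PHASES, stamps, stamps[1:])}

def totals_by_severity(incidents):
    """Group each incident's end-to-end resolution time by severity."""
    out = {}
    for rec in incidents:
        out.setdefault(rec[0], []).append(sum(phase_minutes(rec).values()))
    return out

def mttr(incidents):
    """Mean time to resolution, in minutes, per severity."""
    return {sev: mean(t) for sev, t in totals_by_severity(incidents).items()}

def predict_mttr(incidents, severity):
    """Median of past resolutions; None when there is no history to base it on."""
    history = totals_by_severity(incidents).get(severity)
    return median(history) if history else None

def costliest_phase(incidents):
    """The step with the largest mean duration across all incidents."""
    per_phase = {p: mean(phase_minutes(r)[p] for r in incidents) for p in PHASES}
    return max(per_phase, key=per_phase.get)

if __name__ == "__main__":
    print(mttr(INCIDENTS), predict_mttr(INCIDENTS, "critical"), costliest_phase(INCIDENTS))
```

On this sample the diagnosis step dominates every incident, which matches the post's point that root-cause analysis is the costliest part of MTTR.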

In conclusion, managing the mean time to resolution process involves careful monitoring and the right tools, specifically IT process automation. This can provide the most timely and effective response and a faster overall turnaround, thereby reducing or even eliminating impact on the business. If your current incident response system isn’t producing these results or you’d like to learn more about how ITPA can dramatically reduce your MTTR, call us today at 1-800-652-5601 or download a free 30-day trial.








Incident Response: A Common Pitfall that Can be Avoided

These days, it seems we cannot turn on the news or go online without learning about another major security breach. The most recent and disastrous are those that hit a number of popular retailers, like Target and Home Depot. What is the common thread amongst those affected by cyber-attacks? According to investigators, the problem can be linked back to a lack of incident response in nearly every single case.

Yet despite the fact that countless news articles and reports have indicated this as the root problem, many organizations are still not taking proactive measures to protect themselves, their employees and their customers. There are plenty of reasons why, but the main ones seem to be:

They believe their current protection is adequate. Many IT professionals feel that the plan they already have in place is capable of thwarting any would-be attacks. The problem is, most of these existing plans only include preventative measures, such as anti-malware tools. As the entire world learned from Target’s experience, this isn’t always enough to get the job done. Incident management that involves identifying, verifying, prioritizing and sending appropriate notification of incoming alerts is essential.

They don’t believe it can or will happen to them. Some companies feel that because they are smaller, they aren’t at risk. This is simply not true. Others – such as those in Europe – feel that they aren’t as targeted as businesses in other countries, like the US. The fact is, the only reason more breaches are reported in the US is because the government requires it. A similar or equal number of incidents occur in countries across the globe.

They don’t understand the real damage an attack can do. Some otherwise intelligent professionals put blinders on when it comes to the subject of cyber-attacks. Sure, retail giants felt a huge impact – as did their customer base of millions. It’s important to note, however, that smaller organizations, even those that do not have to worry about sensitive client data, have valuable assets whose loss could prove disastrous if they fall into the wrong hands. For instance, internal employee information and even trade secrets could be stolen if the company is not properly protected.

For these reasons (and countless others), many businesses fail to recognize the importance and overall value of a quality incident response plan. If you’re reading this and happen to fall into this category, let’s take a closer look at some of the many benefits of developing and implementing an incident response strategy for your business.

  • Reduce downtime. What impact would an entire system shut-down have on your business? One thing is for certain, the longer it takes to bring things back up and running, the worse the consequences will be. By managing incidents more effectively, issues can be responded to immediately, ultimately reducing the amount of downtime your organization will have to face.
  • Improve recovery time. Just as important as bringing systems back up and running is the task of rolling out a recovery plan. It only stands to reason that the more downtime, the more extensive the potential damage. Because quality incident response lets you address issues right away, the time and resources it takes to fully recover are limited.
  • Stay ahead of problems. With the right incident response plan (preferably one that involves IT process automation to field incoming alerts), you can take a more proactive approach to handling potential security breaches. This can mean avoiding any downtime altogether and protecting precious assets in the process.

The key to success, of course, goes well beyond knowing the benefits and even rolling out a plan. It takes ongoing testing to ensure that everything is firing on all cylinders at all times. This will further protect your firm from incoming risks and place you one step ahead of the problems that are befalling others all around the world.

With new, more sophisticated cyber-attacks being hatched almost daily, there’s never been a more important time to invest in a quality incident response strategy. It starts with the infrastructure of prevention and IT process automation to ensure a closed-loop process. This will vastly reduce the risks of anything slipping through the cracks (like what happened to Target) and keep your business protected over the long-term.

Don’t wait until your company has become a victim of an online security breach. 




