PART TWO: Threat Stack Releases New Alert Context for Reduced MTTK

F5 Ecosystem | August 11, 2021

Threat Stack is now F5 Distributed Cloud App Infrastructure Protection (AIP). Start using Distributed Cloud AIP with your team today.

As discussed in part one of this series, Threat Stack is committed to making meaningful changes to its user interface (UI), including alert context, to further reduce key security metrics like mean-time-to-know (MTTK). This matters because every minute, if not every second, counts when identifying potential security risks. Yet, according to IBM, the average time to identify a breach in 2020 was 207 days. To keep our customers out of this startling statistic, we’ve released fundamental changes to our UI that provide sharper security and, in turn, reduce MTTK. Let’s explore.

Introducing Alert Context

When a customer is notified of a new alert and begins the triage and response workflow, the Threat Stack Cloud Security Platform® can group alerts by common indicators such as compliance and process, and then create visualizations such as heat maps and trend graphs that show alert trends in frequency and volume. In addition, contributing events are correlated to alerts to provide an activity trail that guides investigations.

From feedback from Threat Stack users, we recognized that the same questions come up repeatedly during alert triage and investigation. Therefore, we added new alert context functionality that standardizes these commonly asked questions and answers them proactively, by default, for our users. Alert context helps guide our users’ investigations into high-severity alerts quickly and accurately.

New Alert Context Functions: Highlights, Visualizations, and Tables

To accommodate the new alert context, we had to redesign how our rich alert data is displayed. The existing view had to be expanded to make space for the new functionality: alert highlights, new visualizations, and tables that show event occurrences for various types of activity. As a result, we shifted from showing alerts in a horizontal drawer view to a more spacious and modern vertical drawer view, allowing users to view the pertinent alert details while still viewing the high-level alert table.

One of the new functions the extra space allows is alert highlights. This capability supplements point-in-time context with a summary of historical activity related to the alert. It gives our users context about infrastructure, user, and process activity over the past month, offering crucial guidance during security investigations.

For example, instead of navigating through a multitude of events related to a specific user’s activity, Threat Stack provides a summary of the alert itself, such as the following:

Example of a specific user alert highlight on the Threat Stack Cloud Security Platform

Highlights also appear above our visualizations to summarize activity related to the user, agent, or process behavior in a human-readable format. For example, the following would appear above a histogram visualization showing activity for a specific user:

Example of a single user’s behavior summary on the Threat Stack Cloud Security Platform

We’ve also introduced a single-page alerts view, which provides users with visualizations such as a histogram showing activity for users over the past 30 days. The histogram is interactive, allowing users to zoom in and investigate activity on dates of interest. The single-page alerts view is also deep-linkable and can be exported to PDF, making it easy to share alerts of interest, including alert context, within the organization or with auditors.

Example of a single-pane alert page with sample data on the Threat Stack Cloud Security Platform

Our Commitment to UI Innovation

We’re enabling customers to navigate and manage their alerts seamlessly through the many changes recently made to Threat Stack’s UI. Our goal is to reduce MTTK by providing more context so users can triage and investigate alerts quickly on our platform. These updates are only the beginning of our design iteration for Threat Stack alerts.
