The Future of Threat Intelligence is Automated

There’s a serious gap between insight and action for security teams today. While the strategic and tactical insight that threat intelligence generates is valuable, too often it remains locked in static reports or lost in the stream of feeds inundating SOC analysts.

This is where automation comes in: automation unlocks the full value of threat intelligence by shortening the time, steps, and resources needed to execute swift, effective action at every stage of the threat intelligence lifecycle. Now with the rise of no-code automation, security and intelligence teams can extend this value even further. As the name implies, no-code automation eliminates the need for custom software development and makes it easy for anyone to design and build automation into their daily tasks and team operations, without any prior programming or similar technical experience.

Q&A with Flashpoint’s Chief Automation Officer

The threat intelligence applications of no-code automation are endless. To dive deeper into no-code automation, we sat down with Flashpoint’s own Chief Automation Officer, Austin McDaniel, to ask him about the current and future state of this emerging technology trend, how Flashpoint plans to leverage the value of this technology in its platform, and how all of this ultimately benefits security and intelligence teams in terms of tangible ROI.

1) What Is “No-Code” Automation? Isn’t It Just SOAR?

In short, no-code automation democratizes software engineering and custom software development. While security, orchestration, automation, and response (SOAR) tools also connect disparate systems and applications similar to no-code, effective implementations often require significant professional services and training, with organizations ultimately exchanging security analysts for more engineers.

No-code automation enables all users—technical and non-technical alike—to design and implement automation into their daily tasks and workflows on their own without the need for extensive training and experience in coding. By overlaying intuitive user interfaces, anyone can build and design workflows making use of user-friendly features like drag-and-drop and visual process diagrams.

2) What Are Three Advantages of No-Code for Security and Intelligence Teams?

At Flashpoint, we’re embedding our no-code automation tool, Flashpoint Flow, deep into the core of our Intelligence Platform. Flashpoint Flow will enable even the lowest level analyst to automate threat collection, analysis, and remediation tasks without ever having to be a professional software engineer. Security and intelligence teams gain three major advantages from no-code automation and Flashpoint Flow:

1. More efficient and streamlined intelligence operations. No-code automation can add value to essentially every intelligence use case, such as facilitating card fraud deactivations, accelerating account resets as part of compromised credentials monitoring (CCM), or initiating a variety of actions as part of threat alerting, triage, and remediation.
2. Faster threat detection and mitigation. Security and intelligence teams can design multi-step workflows to ensure new threat alerts are evaluated at machine speed through pre-built decision trees and enriched context from other data sources. Meanwhile, once threats are verified, pre-built remediation workflows ensure new incidents and vulnerabilities are managed and blocked appropriately.
3. Better ROI with tangible performance metrics. No-code automation brings with it meaningful improvements to operational performance and risk mitigation that inherently demonstrate the return on investment (ROI) of threat intelligence through relatable business metrics, such as FTE time saved.

3) What’s Your Favorite Early Flashpoint Use Case?

Flashpoint Flow has so many use cases, it’s hard to pick just one. One of my favorites is definitely the applying no-code to takedown requests based on reference lookups. 

In this use case, Flashpoint Flow receives a new suspicious threat event from Flashpoint’s proprietary collections engine, which then triggers several processes to evaluate the threat more holistically; simultaneously, Flashpoint initiates sentiment analysis of the event, looks up company information, scores the reputation of the associated account or domain owner. Based on the aggregated severity score of the threat, Flashpoint Flow either sends to analysts for further review or automatically issues a takedown request, completely automatically. 

This use case is so powerful. It demonstrates how organizations benefit from the integration of machine learning, process automation, and security threat hunting—all fused together for better, faster threat protection.

4) What Pitfalls Can We Avoid from Early Adopters?

A common pitfall we see is when users hyperfocus on one micro problem as opposed to one component of a much larger challenge. For example, one user chooses to automate a few of her common searches with all of the results dumped into an email. While this is a perfectly fine way to use no-code automation, it limits the benefits that she and her entire team could realize by applying a similar automation design more broadly. 

A second pitfall is to prioritize automation over everything else, especially at the expense of the intelligence that feeds and initiates the automation. When automations contain inaccurate and incomplete intelligence, it can cause more harm than good, amplifying the damage done through continual repetition. Or more simply put, doing something bad faster only makes it worse.

5) How Will No-Code Evolve the Security Industry Over the Next 2-3 Years?

It’s difficult to imagine that no-code will ever replace coding altogether, but I expect that we’ll see it embedded much further into the daily operations of security teams. For instance, in the same way that we’ve seen FaaS (Functions-as-a-Service) replace running code on servers, I believe no-code will increasingly address larger, more complex security and intelligence sequences, eliminating more manual touchpoints that needlessly take up analysts time.

Automate Threat Intelligence into Action with Flashpoint

Sign up for your demo today. See firsthand how Flashpoint can equip your team with actionable threat intelligence, and get early access to Flashpoint Flow, our no-code automator and design interface. Discover the many ways to automate your threat detection and response capabilities to rapidly mitigate the physical, fraud, and cyber threats targeting your organization.