With cyber attacks showing no signs of slowing down, security incidents can be a heavy burden for NetOps teams. DDoS attacks loom over popular ecommerce sites, developer platforms, gaming networks, and government portals, making it necessary to strategize a game plan. We recently discussed how to create a rapid response plan in our webinar “Improve Your Incident Response with Incapsula and PagerDuty.”
With this new point-of-presence (PoP), we’ve expanded our portfolio of connectivity routes to provide better performance to visitors in the Nordic region, Baltic countries, and Eastern Europe.
The Critical Layer Between Systems and People
What makes Incapsula and PagerDuty a winning combination? With business pressures increasing to deliver products and services faster, this partnership helps ensure that our customers can swiftly meet the rising demands of their own customers without compromising security.
“Rising IT infrastructure complexity means that there’s normally a bundle of different tools and systems being used to monitor what’s going on in the network,” said VP of product at PagerDuty, Jonathan Wilkinson. “As things start to go wrong, as they invariably do as much as we seek to avoid it, a lot of noise is created.”
To help dampen the noise, PagerDuty acts as an aggregation point in the cloud. Not only does this help make sense of any incidents that arise, but it also helps accelerate solutions in a quick and appropriate manner. By reducing the uncertainty of who needs to respond to an incident, PagerDuty helps people fix the problem without delay.
Areas that PagerDuty focuses on includes:
- Centralize management
- On-call teams
How PagerDuty Streamlines Your Incident Response
PagerDuty can help improve incident response by breaking it down chronologically in five essential steps.
These steps are:
- Gaining global visibility
- Automating escalation as needed
- Resolving issues
- Understanding people and their system performance
- Making proactive improvements to reduce future incidents
Rapid Incident Response
For PagerDuty customers, data generated by Incapsula can trigger different incidents, which in turn can create alerts for several different security levels. Incidents such as DDoS attacks or SQL injection attempts can be assigned to a higher severity service where escalation is faster.
We also put an emphasis on auto incident resolution features. What this means is that Incapsula will be able to mitigate several attacks against your website automatically without involving your team. For example, as soon as a DDoS attack starts, Incapsula will send out an alert. If you’ve already configured your system for safety, our response will say the DDoS attack has been blocked. As soon as the DDoS attack is done, we’ll notify you and your team that the attack is over.
Simply by configuring a rule within the Incapsula system, we’ll be able to notify you that you’re having an attack. This will automatically resolve the issue without any human input.
“With all the flexibility around rules that can be created, which is very useful to lower the load of operations teams, things are done automatically without any manual intervention,” said Bhan.
The integration between Incapsula and PagerDuty includes:
- Easy email integration
- Severity based services
- Auto incident resolution
- Customizable notification
Please see an example of the Incapsula and PagerDuty integrated dashboard below.
Configuring PagerDuty to create different levels of incident alerts can give you visibility into your organization’s network so you’ll know when an incident starts and when it’s over. Your network ops team will be grateful to be able to focus on bigger issues instead of DDoS attacks that are being mitigated.