Managing security incidents can be a stressful job. You are dealing with many questions all at once. What’s the scope? Who do I need to engage? How do I manage all of this?

As an Incident Commander (IC), you have many responsibilities. You’re responsible for driving an incident to resolution as quickly as possible, creating the resources necessary to document, collaborate, and communicate while helping identify, engage, and orient the right people. On top of that, you also need to manage the life cycle of the incident and help bring the incident lessons back to the organization at the end. Trying to do all these things in a consistent way while managing an incident is not only very challenging, but it’s also likely to increase the meantime to assemble (MTTA), mean time to resolution (MTTR), and ultimately the cost of the incident.

At Netflix, we like to automate ourselves out of problems. Automation allows us to run lean, continue to meet the growing needs of the business, and focus our time on what really matters, resolving security incidents. With this in mind, we set out to create an orchestration framework for crisis management. We called this framework “Dispatch.”

Okay, but what is Dispatch? Put simply, Dispatch is:

All of the ad-hoc things you’re doing to manage incidents today, done for you, and a bunch of other things you should’ve been doing but have not had the time! 

Dispatch helps us effectively manage security incidents by deeply integrating with existing tools used throughout the organization (e.g. Slack, G Suite, PagerDuty, Jira). Dispatch is able to leverage the existing familiarity of these tools to provide orchestration instead of introducing another tool that people need to learn.

This means you can let Dispatch focus on creating resources, assembling participants, sending (Read more...)