How can an organization’s security team defend its customers against threats at scale?
When the Twilio Security Operations team (SecOps) was founded, this challenge weighed heavily on our minds. We knew that automating all our threat investigation and response procedures would be key to safeguarding our customers, but we had no clue where to begin. We also knew that many of our peers were in the same boat.
That’s why today, we’re proud to open-source SOCless: a serverless framework to help organizations easily automate their security workflows and respond to threats quickly and at scale.
To get started with SOCless, visit the documentation at https://twilio-labs.github.io/socless/
Building automated security runbooks
When performing investigations and responding to threats, security professionals follow well-documented, pre-planned, step-by-step procedures. We call these procedures runbooks.
A typical runbook may require a security professional to use multiple security products, custom scripts, and decision trees to …