
How our SIEM Playbooks Guide You Through Threat Response

Written by Kim Brown | Feb 7, 2025 6:09:04 AM

Blumira Playbooks in Action

Blumira was built for IT teams that don’t have the resources to build a Security Operations Center (SOC) or hire hard-to-find cybersecurity specialists. But can you really protect your environment from cyber threats with just the team you have today? The answer is yes. The key is automation and intelligence – supported by behind-the-scenes experts. Blumira is a powerful and comprehensive detection tool that guides threat analysis and mitigation for any user. 

When an anomaly is detected on another cybersecurity platform, the user might have limited options for addressing it themselves. Instead, they may need to escalate, call in an analyst, or contact an outside consultant. The result can be a time-consuming scramble even if the anomaly turns out to be benign. Worse, critical time could be wasted when a serious incident requires immediate action. Blumira puts users in charge with playbooks that present a guided workflow for every detection. Let’s take a look at how they work.

Power to the people

After a few hours of setup, the Blumira platform ingests all the data it has access to and analyzes threats based on sophisticated rules that are constantly being refined. Detections are grouped into findings and an alert is triggered for each finding. Simpson explains it this way:

“We don't overwhelm our customers with hundreds or thousands of alerts. Instead, we deliver one or two findings that give them something they can actually work on.”

Blumira can be set to automatically block certain types of threats. Users or managers are notified via their preferred method based on rules like type or priority. They can then address the issue in a few easy steps: 

Step one – The Blumira console lists all findings on one screen, with an overview of information including status, timing, type, priority, name, and analysis. Findings are given a threat level and categorized as Operational, Risk, Suspect, or Threat. A detail view even captures the specific log entries that originally triggered the alert.

Step two – When reviewing a finding, you can read a plain-English analysis of what’s been detected. For example, you might be notified that a new Global Administrator role has been set up. The analysis identifies the user and the location and goes on to note that this finding has been marked as Priority 1 because the Global Administrator role has full permissions over the entire tenant and should be limited to only a few trusted people. Some of the explanation might be obvious to an experienced security analyst, but it’s included so any user can quickly understand what they’re looking at and take action. 

Step three – Every Blumira finding comes with a step-by-step playbook that walks the user through investigation and mitigation. In the Global Administrator example, the user is presented with a question: Was this an expected configuration change? It very well could have been. If that’s the case, consider it Blumira’s way of saying, “Just checking.”

But let’s say the change caught you by surprise. No need to panic quite yet. If you answer ‘no,’ you’ll be presented with a recommendation to review the activity of administrative users within the suspect time period.

Step four – Now you’ve got a tangible task to do. You know where to look. After running a report on administrative activities, you’ll answer a final question: What conclusion was made about the anomalous activity? The answer you choose – compromised user, malicious insider, non-malicious automated actions, sensitive data leak, or other – is documented on the Blumira platform for later review and reporting.

Some Blumira playbooks are as simple as that, others are more involved. Each one provides the user with tangible actions so they can methodically address and clear each finding. 
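The four-step workflow above, modelled as a small decision tree with a walker that validates each answer and records the conclusion for later review. This is an added example, not Blumira's code; the finding record, node names and field names are constructed assumptions.

```python
# Added example, not Blumira's code; records and field names are constructed.
CONCLUSIONS = ("compromised user", "malicious insider",
               "non-malicious automated actions", "sensitive data leak", "other")

# Constructed sample finding (steps one and two): name, priority, analysis.
FINDING = {
    "name": "New Global Administrator role assigned",
    "priority": 1,
    "analysis": "Global Administrator has full permissions over the tenant.",
}

# Playbook as a decision tree (steps three and four): each node asks a question
# and maps each answer to the next node; terminal nodes carry a conclusion.
PLAYBOOK = {
    "start": {
        "question": "Was this an expected configuration change?",
        "answers": {"yes": "expected", "no": "review"},
    },
    "review": {
        "question": ("Review administrative user activity in the suspect "
                     "time period. What conclusion was made?"),
        "answers": {c: "conclusion:" + c for c in CONCLUSIONS},
    },
    "expected": {"conclusion": "expected change"},
}
for c in CONCLUSIONS:
    PLAYBOOK["conclusion:" + c] = {"conclusion": c}


def run_playbook(finding, answers):
    """Walk the tree with the user's answers in order and return the record
    kept for later review. Invalid or surplus answers raise ValueError."""
    node_id, trail = "start", []
    for answer in answers:
        node = PLAYBOOK[node_id]
        if "conclusion" in node:
            raise ValueError("playbook already reached a conclusion")
        if answer not in node["answers"]:
            raise ValueError(f"{answer!r} is not an option at {node_id!r}")
        trail.append((node["question"], answer))
        node_id = node["answers"][answer]
    node = PLAYBOOK[node_id]
    return {
        "finding": finding["name"],
        "priority": finding["priority"],
        "steps": trail,
        "conclusion": node.get("conclusion"),
        "next_question": node.get("question"),  # None once resolved
        "status": "resolved" if "conclusion" in node else "open",
    }
```

A record with status "open" still carries the next question to ask, so a half-finished playbook can be resumed rather than restarted.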

Sleuthing and problem solving

You can think of Blumira playbooks as a customized, self-guided help desk. Each question or task is informed by data and by your answer in the previous step. This allows you to respond quickly without guessing, searching for information, or waiting to talk with a paid consultant. Blumira has found that most issues can be handled by an IT team member using the platform an average of about fifteen minutes per day.

"Our IT help desk employee is in charge of monitoring Blumira. Without requiring a ton of experience, Blumira's platform provides very simplified language and built-in workflows that help him also learn about security as he uses the product – it's not overloading him with alerts and he doesn't need to sift through hundreds of thousands of logs." – Jim Paolicelli, IT Director, Atlantic Constructors

Blumira helps your IT team do most of the sleuthing and problem solving on their own, but there’s always someone to call when the stakes are high. Complex situations will arise, and for those you’ve got the number of Blumira’s Security Operations Team. The team is well versed in handling all types of security issues, and they're constantly monitoring the threat landscape to identify new risks.

Take control of your cybersecurity – get Blumira for free!

Try Blumira XDR free for 30 days or use our Free SIEM forever, with three cloud integrations and 14 days of data retention. Sign up to start protecting your organization in minutes.