Inspiration

The BlueAlly Consulting group has an active project to develop an automated workflow to manage the user database in Cisco Unified Communications Manager (CallManager) deployments. The project is based on developing an Ansible Content Collection for the client's Ansible Automation Platform to enable the workflow. Creating an Ansible Content Collection for Pangea User Intel provides additional value to the client with minimal development effort and cost.

What it does

The BlueAlly Consulting group is engaged with a public university best known for its dental school, medical school, and college of engineering. As with any university, the students and faculty are transitory: they have studied or taught at other colleges and, as their tenure completes, enter the workforce.

When onboarding students, employees, or faculty, an automated onboarding process should incorporate a breached user investigation in addition to creating accounts for email and phone. Organizations frequently reallocate phone extensions, the username is often the same for both personal and corporate email accounts, and passwords are frequently shared between accounts as well.

As a value-add to customers, credit card companies offer identity monitoring services at low or no cost. Providing a similar service as part of the onboarding process is a valuable benefit and provides a proactive layer of protection from data breaches at work.

The Pangea User Intel service provides the ability to check a massive repository of breach data to identify if Personally Identifiable Information (PII) or credentials are exposed to criminal elements.

IBM's latest Cost of a Data Breach report states that the average cost of a data breach is $4.45 million. The cost has increased by 2.3% and 15.3% respectively in the past two years. Breaches in the healthcare and financial sectors have the highest cost across all industries.

Using Red Hat Ansible Automation Platform and this Ansible Content Collection, BlueAlly Consulting can incorporate automated breach detection into the onboarding process through the ITSM (IT Service Management) system. The results of the User Intel queries can be attached to the active ITSM ticket, sent to a SOAR platform, or emailed, allowing the Security Operations Center to identify and mitigate issues associated with past data breaches.

How we built it

By creating a developer account on pangea.cloud and exploring the tutorials and documentation on the Python SDK, a functional plugin/module was developed, tested, and documented in a few days of coding.

Challenges we ran into

Really, no challenges at all. I am a big advocate of enabling a developer by way of community editions or developer accounts. This made the process very smooth and efficient.

Accomplishments that we're proud of

Enhancing the security posture of a client by offering an additional value-add at a reasonable cost.

What we learned

The ability to query huge volumes of breach data with efficient API calls was amazing.

What's next

We are excited to show this capability to our clients.

Updates

I am hosting a presentation, "Add security to your network automation, the easy way!" at the Programmability and Automation Meetup Group on 27th September 2023 at 3:00 pm Eastern. Anyone can join and attend at https://www.meetup.com/rtp-programmability-and-automation-meetup/events/295975925/ or watch the live stream during, or following, the event at https://www.youtube.com/@infrastructureautomation
