For SOC teams, it might seem like the new year brings the same security challenges, but we’re not just recycling last year’s SOAR playbooks. We’ve got a fabulous new whitepaper to ensure a stress-free 2023 for your team, with three SOAR playbooks that go beyond the SOC and tackle cross-team use cases.
In a previous post, we looked at how Smart SOAR can be used to handle malicious insider threat investigations by automating and orchestrating response actions across a range of data loss prevention, HR, and identity management tools. In this post, we’ll explain how SOAR can help streamline the employee onboarding and offboarding process by working with HR and IT departments, and in concert with IT service management and identity management tools.
Onboarding is the process of bringing new employees to an organization and providing them with all the tools and assistance they require to thrive in their new roles. This typically entails tasks like configuring their computer and email, offering them training materials, and introducing them to their coworkers.
When an employee leaves the company voluntarily, involuntarily, or as a result of termination, this process is referred to as offboarding. This can involve things like deactivating their access to business resources and systems, conducting an exit interview, and notifying team members of their departure.
Identity management tools play an important part of both the onboarding and offboarding processes, as they involve managing the digital identities and access rights of employees within the organization.
Onboarding and offboarding are important touch points in an employee’s journey with a company, and they should be handled with empathy and sensitivity. A poor experience can significantly color the views of an employee and make the difference between a positive or a negative testimonial. A well-planned offboarding experience on the other hand can improve your reputation and leave the door open for boomerang employees.
Onboarding and offboarding employees can be time-consuming. Notable pitfalls of doing it manually include:
SOAR playbooks bring the rigor of a checklist to the process, ensuring that any process and policy around onboarding and offboarding is consistently followed and documented, with automation helping to speed up SOPs that can be programmatically handled. This is a high-value service that MSSPs can provide by simply integrating with their clients’ identity management tools.
Let’s briefly explore how Smart SOAR streamlines the employee onboarding and offboarding process. Smart SOAR’s integrations with identity management tools like Active Directory and Okta, and ticketing systems like Jira and ServiceNow enable security teams to speed up the process to a few clicks.
The onboarding/offboarding playbook can be triggered by a Jira or ServiceNow ticket, or another method, such as an email or a command from an integrated tool. Smart SOAR parses the information and orchestrates the identity management tool to create/deactivate the new users and auto-populates the required fields. When the users have been created or deactivated, the playbook notifies the appropriate people and, if the request came from a ticketing system, the ticket will be updated.
Additionally, the playbook could also be used to send the new employee relevant information such as training materials or employee handbooks, or non-disclosure agreements. If any issues arise, the playbook can trigger the appropriate actions to resolve them, such as escalating the issue to a support team or rolling back any changes that were made.
Empower your team to make programming and workflow improvements with a no-code automation solution. We offer comprehensive vendor-neutral integrations, flexibility, and room for non-security use cases. We’re also the only vendor to offer the Event Pipeline, which helps you automate virtually every task that a tier-one or tier-two analyst would perform. Want to empower your team to achieve more with less work? For a hands-on look at our advanced triage and correlation, case management, and third-party threat intelligence options, schedule a demo.