Swimlane Turbine extends visibility and response for security teams
Swimlane released Swimlane Turbine, a low-code automation platform. Turbine’s approach to low-code security automation is both approachable enough for those with no coding experience, and sophisticated enough to satisfy the world’s most demanding security teams.
Solving top security challenges with extended visibility and response
Security teams continue to face pervasive challenges, including navigating a global security talent shortage, keeping up with an ever-changing threat landscape, and complexity across security environments due to siloed tools, teams, and processes. Security leaders are accountable for quantifying the business value of security programs to executives, the board, customers, and partners, and are constantly challenged to demonstrate results like reduced MTTR, better ROI, and improved risk posture maturity.
“How XDR is delivered today fails to meet the needs of organizations by not providing the breadth of visibility desired beyond a select number of threat detection vectors and simultaneously limits the ways in which organizations can respond to threats to that same small subset of tools,” said Cody Cornell, co-founder and chief strategy officer, Swimlane.
“Today’s threats are broad and multifaceted, and with Swimlane Turbine, customers can extend their visibility for SecOps and take better advantage of investments made in security analytics and XDR to bring a broader range of telemetry into their security pipeline and leverage every one of their security and IT tools to better investigate and respond to threats in real-time.”
“Tasked with managing an ever-increasing volume of telemetry from a range of disparate sources, enterprises and service providers are seeking tools that help them do a better job of managing false positives and repetitive tasks so they can more quickly respond to legitimate threats,” said Jackie McGuire, Research Analyst, Information Security with 451 Research, part of S&P Global Market Intelligence. “Swimlane has invested heavily in low-code automation and workflows and sees opportunity in removing the technical hurdles to automation development.”
Introducing Swimlane Turbine
The Swimlane Turbine platform is a force multiplier for security operations that delivers the desired outcomes of XDR. Historically, security orchestration automation and response (SOAR) platforms have not been evaluated based on their throughput capacity. Turbine sets a new standard with its ability to ingest, enrich, and action on petabytes of data at machine-speed. In order to stop threats at the point of inception in a rapidly expanding attack surface, organizations are demanding solutions capable of ingesting dramatically larger and more diverse data sets.
They need the ability to unify complex environments by connecting with things that are typically siloed from a security perspective, like cloud, internet of things (IoT) and edge computing. XDR solutions are aimed at solving this same problem, but perpetuate closed ecosystems for data ingestion and response. What security teams need, that only Turbine delivers, is the ability to respond to threats the instant they occur – not after detection, data aggregation, and manual response processes.
Swimlane has spent the past two years building Turbine with cloud-scale and power in mind, so that our customers can unlock the potential of true XDR through an approachable low-code automation solution. With one eye on customer requirements and the other on market trends, the Swimlane Turbine platform introduces three strategic technology developments that raise the bar for extended visibility and response requirements:
Active Sensing Fabric
The Active Sensing Fabric in Swimlane Turbine will help organizations gather security telemetry and take action on changes in their environment closer to the point of inception. This capability enables security teams to create data-centric strategies that are more successful at thwarting attackers in near real-time through big data ingestion, pre-processing, inline enrichment, and connectivity to hybrid and multi-cloud environments. Key features that enable the Active Sensing Fabric include:
- Flexible webhooks — Turbine’s webhooks expand actionability by enabling products, vendors and services to push real-time communication into Turbine. New webhook listeners can be created directly in the playbook-building experience within seconds and are easily managed with flexible authentication options to cover a wide variety of capabilities found in third-party tools. The use of webhooks in playbooks gives analysts real-time visibility into events and enables security teams to drastically improve metrics like mean time to detection (MTTD) and mean time to resolution (MTTR).
- Remote agents — The new architecture allows customers to connect internal applications and systems to Turbine without the need to configure multiple VPNs or complicated networks. Remote agents are restless and dynamic sensors that enable intelligent collection of hard-to-reach telemetry sources in order to speed up MTTR by taking action directly at the source. This highly secure and frictionless process is particularly beneficial to distributed organizations with multiple business units, multi-cloud, hybrid or segmented environments.
Swimlane customers will be able to connect to any API without assistance. Once the instant connection is established, the customer can see the list of actions it is capable of, the data and identity types it can send, and pull these actions or triggers into a playbook.
- Connectors — Turbine connectors facilitate stable, scalable and secure connections to any API in a customer environment. These portable connectors lay the technical foundation for the future of autonomous integrations. Turbine’s connector technology delivers on the promise of XDR by enabling integrated detection and response by connecting Turbine with any API, extending the capabilities of XDR beyond the typical closed ecosystem approach.
Adaptable low-code playbooks
Turbine enables customers to quickly and easily build modular, repeatable playbooks that enrich and process real-time data while bringing humans into the automation loop when necessary. Its human-readable Condition Builder codifies business logic and best practices without requiring code to be written. This results in customers being able to build playbooks in half the time with a truly low-code building experience, where they can use human-readable logic to select actions or triggers easily.
“Swimlane Turbine’s Active Sensing Fabric and webhooks are going to be a game-changer for us. We live in a world of data and APIs, so the new Turbine capabilities mean our services won’t have a disruption when security products update their API or detection logic,” said Chad Hayden, Chief Strategy Officer at Pareto Cyber. “Turbine will be at the backbone of helping us deliver more efficient and effective XDR managed services for our customers.”
“The ease of use and visual user experience of Swimlane Turbine’s playbooks lowers the barrier of entry for analysts to be successful automators. With Turbine, we’ve seen that tier one analysts can build playbooks two to three times faster than they can with other solutions,” said Zach Tielking, Chief Cyber Forensicator at Digital Investigation Group. “Using Turbine will enable us to spend more time on our customers instead of building or managing solutions.”
“Swimlane Turbine has given us the tools to help our customers accelerate security response by actioning the event at the source,” said Cody McGehee, SOAR Engineering Team Lead at ECS Enterprise Managed Services. “The remote agent feature is a game-changer as we seek to efficiently manage multiple infrastructures for our diverse customer base.”
In July, Swimlane Turbine will be available for new cloud customers. Existing Swimlane customers will benefit from an upgrade path available later this year.