Unpacking the Tech Stack of Network Abuse Desks

What is a Tech Stack

A tech stack encompasses an array of tools essential for supporting, managing, and facilitating the operations of an Abuse Desk. These tools come in diverse types, scopes, and applications.

The continued rapid growth of the internet has led to a competitive environment for online businesses, which unfortunately brings with it more opportunities for risk and abuse. Thankfully, modern tools are more comprehensive than ever, with faster and smoother integration capabilities.

These tools commonly incorporate automation, such as playbooks, and usually include features that help meet legal and regulatory requirements.

What’s in an Abuse Desk’s Tech Stack

Every Abuse Desk should have technology in place that can handle its compliance, automation, integration, protection, statistics, and support requirements. Consider these three areas as a good foundation to start with:

Case management

Case management is a way to automatically accept and parse hundreds or thousands of abuse reports a day that can also integrate with existing or future systems. It is key that this technology uses automation to create and manage cases from the data in those abuse reports.

Customer notification

Communicating with your customers is valuable and required by law in many regions. The DMCA, for example, provides a safe harbor to providers who act according to the notification standards specified in the act.

Analytics

Analytics play an important role in understanding the day-to-day health status of your network. They give you key data points that you can use to become proactive in protecting your network.

Utilizing Threat Intel and Analytics

Incorporating threat intelligence data into your tech stack will help drive investigations and response. By using this data to look into the future, you will be closer to your goal of being a proactive rather than reactive Abuse Desk.

Sources for threat intel include the following.

  • Data subscriptions (also known as feeds)
  • Reporters by industry or geographic location, such as ISACs
  • Government and law enforcement agencies
  • Crowdsourced data
  • Internally captured data

By combining external and internal sources, you get a clear picture of what you know (internal) versus what you don't know (external).

Utilizing systems capable of accepting, parsing, and showing this data in a meaningful way is a game changer for any abuse desk.
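
The following added example (not part of the original article, and not any vendor's code) shows the case-management and threat-intel ideas above together: it parses constructed abuse reports into cases, then compares those cases with an external feed to separate what is known internally from what is only known externally. The report field names (`Category`, `Source-IP`), the feed contents, and the network ranges are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data (not real reports or indicators); RFC 5737 documentation addresses.
REPORTS = [
    "Subject: spam run\nCategory: spam\nSource-IP: 192.0.2.10",
    "Subject: more spam\nCategory: Spam\nSource-IP: 192.0.2.10",
    "Subject: phishing page\nCategory: phishing\nSource-IP: 198.51.100.7",
    "Subject: malformed report with no usable fields",
]
FEED = {"192.0.2.10", "192.0.2.99", "203.0.113.5"}  # hypothetical external feed
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("198.51.100.0/24")]
FIELD = re.compile(r"^(Category|Source-IP):\s*(\S+)\s*$", re.MULTILINE)

def parse_report(text):
    """Return (ip, category), or None when the report lacks a valid IP or a category."""
    fields = dict(FIELD.findall(text))
    try:
        ip = ipaddress.ip_address(fields["Source-IP"])
    except (KeyError, ValueError):
        return None
    category = fields.get("Category")
    return (str(ip), category.lower()) if category else None

def build_cases(reports):
    """One case per (ip, category) with a report count; unparseable reports go to manual review."""
    cases, manual = defaultdict(int), []
    for text in reports:
        key = parse_report(text)
        if key is None:
            manual.append(text)
        else:
            cases[key] += 1
    return dict(cases), manual

def correlate(cases, feed, networks):
    """Compare internally reported IPs with feed indicators that fall inside our networks."""
    internal = {ip for ip, _ in cases}
    on_net = {i for i in feed if any(ipaddress.ip_address(i) in n for n in networks)}
    return {
        "confirmed": internal & on_net,       # reported to us and listed externally
        "internal_only": internal - feed,     # what we know that the feed does not
        "external_only": on_net - internal,   # on our network, but never reported to us
    }
```

The `external_only` set is the proactive part: addresses on your own network that a feed lists before any report has reached the desk.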

Integration

Your team's success greatly improves with the technology it utilizes. The decision to select a technology always comes down to the key factor of integration. How simple and fast will integration of the new tech with your existing tech stack be, and what are the benefits?

Streamlining a current process by integrating your technologies greatly increases efficiency. Automating workflows between different applications so that they send relevant data back and forth to each other saves time and money and, eventually, prevents agent burnout. It also reduces the amount of user handling and the potential for error.

Whether you have internally developed or industry-standard systems, look for technologies that seamlessly integrate with your current setup.
