In this time of rapidly evolving digital transformation, the ability to quickly identify and remediate problems has become more important than ever. In order to address this issue, Kintaba created IRConf, a conference dedicated to the discussion of effective incident response strategies.
This conference is the first of its kind and is set to be held on April 1. IRConf features presentations from multiple vendors who specialize in this issue and create tools to offer organizations meaningful solutions.
“I think the big thing that’s really exciting to me is how quickly this conference came together,” said John Egan, CEO of Kintaba and a panel member at IRConf. “The ‘a-ha moment’ behind this was that there has to be a conference for the responders and the practitioners because these are the people who are already doing this day-to-day and need that community.”
He went on to explain that the purpose of this conference is to go beyond just the teams that are working directly with incident response in order to get the entirety of an organization involved. “It’s more about the holistic impact of incident management for organizations,” he said.
“I think the biggest problem in incident response is an inconsistent process across companies,” said Egan. “Incident management has only really existed as a formalized practice since maybe 2016… Since then, organizations have started to put bits of process into place but there are still a lot of question marks.” Egan explained that since the concept of incident response is still relatively new, many organizations are still struggling to determine what the best practices are and how to implement them to yield the best results.
“I think what this industry is missing is consistency, and I think the reason it’s missing consistency… is because there really isn’t a community or an open line of communication across companies and practitioners to discuss how to do things right,” Egan said.
He said that this lack of consistency became somewhat of a backbone for IRConf and a large reason why it was created in the first place. Egan explained that even if organizations bring in a product focused on responding to incidents, there are most likely going to be higher level questions that arise about how to build the best possible culture and process for incident management. “I really think that that is the piece that’s starting to come together, we’re beginning to have consistent best practices and sharing of those practices across organizations,” he said.
According to Egan, Kintaba is working to solve this problem of consistency and visibility in incident response by providing users with a set of features that encourage holistic visibility. “There’s a set of configurations that you can do that give you best practices straight away,” he explained. “So… you can go from having nothing documented…and move all the way over to one place where incidents are filed, one dashboard, a consistent record, an audit log of the resolution conversations, status, post mortems, all of that you get right out of the box with a self service system.”
Itiel Shwartz, CTO and co-founder of Komodor, said that the biggest issue he is seeing in incident response is a general lack of preparedness. “At the end of the day, no one really wants to have bad things happen to a system,” he said. “It’s usually going to catch most organizations off guard and they get surprised that the system is down… and I think the lack of thinking about the problems in advance is the biggest obstacle.”
Shwartz explained that when it comes to complex systems, it is not a matter of if something is going to go wrong, but rather, when. He said that knowing this and approaching these problems offensively rather than defensively will result in quicker remediation times.
According to Shwartz, his session at IRConf will mainly cover the lack of preparedness currently being seen as well as ways to effectively solve this problem. “I’m going to look at a bare-boned Kubernetes application, I’m going to break it a little bit, and then I’m going to talk about the best way to understand different failures and errors,” he said.
He also explained that his session will cover what organizations need to do beforehand in order to ensure that when a system does crash, developers will have all of the data needed to solve the issue. Shwartz said,
He said that Komodor can help many organizations solve this issue because the platform was made with years of incident response and troubleshooting experience to back it up. “Even developers or DevOps that are not the most expert [in incident response] can solve these issues quite quickly because… we collect all of the data without them needing to do anything and the way we show it to them is very intuitive and easy,” Shwartz said.
Anais Urlichs, another speaker at the conference and a developer advocate at Aqua Security, said that the biggest challenge for incident response that she has seen is receiving the right information at the right time in order to solve the problem quickly and correctly.
“A lot of the time you have to filter through your resources to find the cause of the incident because you don’t have the right information,” she said. “A lot of time is usually spent just going through resources and figuring out what is actually causing the incident.”
She explained that Aqua Security is helping to solve this problem by working with open-source security tools to allow developers to gain further insights into the root cause of the issue within the system that is down. “[A lot of the time] we aren’t thinking about how we can utilize security tools to gain these insights… but because security tools are working to identify malicious behavior, they also will give additional insights into different workloads that will help you to debug problems,” Urlichs said.
This integration of security tools into an SRE workflow is what Urlichs’ presentation at the conference will cover. In addition, she said that she will discuss different methods geared towards making the culture of SRE more security-oriented while avoiding the creation of unnecessary silos. “A lot of the time you’ll have the security team and the SRE team and they will collaborate on some aspects but a lot of smaller businesses especially don’t have that privilege,” Urlichs explained.