Geoff Hancock – Deception is the future of cyber operations, managing the fight, leading the fight and exhausting your enemy…and winning.
Organizations continue to report that deploying effective and efficient incident response remains one of their top ongoing challenges. Unfortunately, there isn’t an easy solution, since the goal line continues to move back while the “game” grows increasingly complex. CSIRTs contend with a combination of more malicious activity data to sift through; limited time, manpower and expertise; and, of course, the more severe consequences of today’s data breaches. Here are seven key steps that can help simplify and improve the process of detection, incident handling and response.
This week we announced that ThreatOps™ had been added to the Attivo ThreatMatrix™ Deception and Response Platform. The new ThreatOps solution is designed to accelerate incident response by automatically correlating disparate attack information and displaying it in a single dashboard, where attacks can be scored and playbooks created. The playbooks can then be used to create repeatable processes, simplifying incident response. Through third-party integration with prevention systems (firewall, NAC, endpoint, SIEM), attacks will automatically be blocked and quarantined, expediting response actions and preventing the attack from continuing to spread through the network. Additionally, through an Attivo endpoint agent or through integration with endpoint companies like Carbon Black and ForeScout, information is shared so that customers can hunt for forensic artifacts in other parts of the network and confirm that they have eradicated the attack.