Organizations like NIST and SANS lay out detailed frameworks for incident handling and response. The challenge comes in applying these to real-world incident response situations. There is a lot of security technology available, but getting it all to work together effectively can be difficult and generally requires highly skilled staff and resources, which are not always available. Attivo Networks looked at these frameworks and built its ThreatMatrix Deception and Response platform to address preparedness and detection security gaps within these models.
Organizations continue to state that deploying effective and efficient incident response remains one of their top ongoing challenges. Unfortunately, there isn’t an easy solution, since the goal line keeps moving back while the “game” gets increasingly complex. CSIRTs battle with a combination of more malicious activity data to sift through; limited time, manpower and expertise; and, of course, the more severe consequences of today’s data breaches. Here are seven key steps that can help simplify and improve the process of detection, incident handling and response.
RSA Conference underway
RSA, the world’s largest security conference, is underway this week in San Francisco with attendees from around the world gathering to hear the latest strategies for fighting cyberattacks. They’ll also be able to view the latest hardware and software to protect their most valuable corporate assets. Here is a brief description of some new security products being announced at the conference.
This week we announced that ThreatOps™ had been added to the Attivo ThreatMatrix™ Deception and Response Platform. The new ThreatOps solution is designed to accelerate incident response by automatically correlating disparate attack information and displaying it within one dashboard, where attacks can be scored and playbooks created. The playbooks can then be used to create repeatable processes, simplifying incident response. Through third-party integration with prevention systems (firewall, NAC, end-point, SIEM), attacks will automatically be blocked and quarantined, expediting response actions and preventing the attack from continuing to spread through the network. Additionally, through an Attivo end-point agent or through integration with end-point companies like Carbon Black and ForeScout, information is shared so that customers can threat hunt for forensic artifacts in other parts of the network and confirm that they have eradicated the attack.
Attivo Networks® today announced that ThreatOps™, which has been added to the Attivo ThreatDefend™ Deception and Response Platform, will be launched at next week’s RSA Conference. The new ThreatOps solution is designed to accelerate incident response by automatically correlating disparate attack information and displaying it within one dashboard, where attacks can be scored and playbooks created.