Our approach to Incident Response:
ThreatQ and ThreatQ Investigations are built on the premise that incident response is a team sport. Start by importing an event or investigation, along with any peripheral intelligence, into a shared investigation environment. An incident responder can then immediately see what research has already been performed and by whom, which tasks still need to be assigned, and how all the data relates. Bringing in the necessary resources from outside the immediate security department (e.g., database administrators, application specialists) ensures complete situational awareness and engages the organization's full set of capabilities. As responders from around the organization complete tasks and publish them to the shared incident canvas, the team progresses towards identifying patient zero and re-arming the organization against the next wave of attacks.
If a team knows its attackers' tactics, techniques and procedures (TTPs), then as related intelligence comes in it can be scored appropriately and even added to a "watchlist" for visibility. This is a subtle and proactive way to keep a finger on the pulse of malicious activity. When adversary profiles are frequently updated and maintained with the latest attributes, new analysts can learn about the adversary exponentially faster.
IR teams tend to work within specialized IR platforms. A two-way integration with a threat intelligence platform lets users focus on their processes and procedures without switching back and forth between multiple interfaces and platforms.
Documenting investigations so that they can be correlated with future cases builds organizational memory and the ability to link investigations that seemed separate but are in fact part of a single campaign.
- Better analysis is performed.
- Faster response time and time to resolution.
- More incidents can be resolved.
- Current incidents are resolved faster by applying past learnings.
- Better team collaboration and productivity.
- Faster new-hire 'time-to-value' (TTV).
- Faster and more complete understanding of how to orchestrate a coordinated response.