NEW PRESS RELEASE: SOD Awarded $2.2 M Grant to Futher Develop AQ Technology | Click Here
Linkedin
Twitter
Envelope
logo-horizontal-white

Respond and Remediate Against Threats

Can you detect cyber threats early and then respond quickly?

THREATWATCH RAR - RESPONSE & REMEDIATION

"Time-to-Detection" is everything when detecting cyber threats. If you cannot detect threats early and then respond quickly, you are not getting the most out of your Threat Detection service or solution.

ThreatWatch RAR integrates seamlessly with Security On-Demand's ThreatWatch platform as an add-on service. Take back the control finding Threat hunting can reduce malware dwell time, the time between its discovery and a data breach.

Shortening that cycle can make all the difference. Potentially spending just a few hours of remediation compared to going out of business due to a full-on compromise.

WHAT IS RESPONSE & REMEDIATION?

ThreatWatch Response & Remediation (RAR) provides you with orchestration capabilities such as containment and quarantine actions. The RAR service allows the SOC to perform forensic examinations of endpoints and servicers that exhibit malicious activity and then to take action on the information that has been gathered during the investigation.

ThreatWatch RAR is provided as an add-on service to ThreatWatch and is provided as an enhancement to the core threat analytics service. The service is licensed based on the number of endpoint and server devices that are used to be included in the scope of the service. The endpoints and servers can be configured to use an agent-based or agent-less approach to taking orchestrated actions.

Beyond Log Management and Advanced Threat Detection capabilities, the Response & Remediation service includes the following:

  • Threat Analysis: When there are threat indicators that indicate that an endpoint or server is likely compromised, the SOC will launch a targeted analysis on the endpoints in question to verify potential malicious activity to validate potential threats.
  • Threat Response: Once the threat is assessed and validated, a risk and confidence score will be assigned to the anomaly as part of the investigation and appropriate action will be taken based on the Response and Containment Decision Matrix described in the Section 2.
  • Quarantine Exclusions: The client is also required to identify any assets in advance in writing that should be excluded from direct action by the SOC.
  • Response Coverage: The Security Operations Centers will implement changes 24x7x365 in accordance with its triage and analysis responsibilities provided by the ThreatWatch/ATLAS Service.
  • Client Portal: All investigations and actions taken will be documented in a client ticket via the Service Center in the client portal or as sent/updated via e-mail to the client’s authorized contacts.
  • Reporting: Reports can be provided on a monthly basis via the Client Portal that provides information on alerts and events.

HOW THREATWATCH RAR WORKS

ThreatWatch® RAR integrates hunting toolsets and methods with Security On-Demand’s proprietary correlation and behavioral analysis capabilities, such as machine learning-based artificial intelligence and supervised learning models that use behavioral analysis of attack patterns. As part of the RAR service, SOD will:

Correlate Such Activity With Logs, Alerts, And Other Information Received
Direction Arrows
Monitor The Alerts, Logs, And Output Provided By The Advanced Threat Hunting Activities
Direction Arrows
Validate The Threat As Part Of The Triage And Investigation Process
Direction Arrows
Tune And Provide Continual Feedback To Ensure That Normal System Behavior Is Baselined

RESPONSE & CONTAINMENT

Once the threat is assessed and validated, a risk and confidence score will be assigned to the anomaly as part of the investigation and appropriate action will be taken based on the Response and Containment Decision Matrix.

Companies that identified a breach in less than 100 days saved more than $1 million as compared to those that took more than 100 days. Similarly, companies that contained a breach in less than 30 days saved over $1 million as compared to those that took more than 30 days to resolve. (IBM 2018 Cost of Data Breach study)

Find and contain threats quickly with the Threatwatch RAR. DOWNLOAD the SERVICE OVERVIEW to learn more

Get Service Overview