Supervised Active Intelligence: Taking the Guesswork out of your Cyber Incident Response
In the upcoming months we will share details that outline our successful methodology “Supervised Active Intelligence”. We envision a world where your security team is empowered with all the information they need to make an intelligent, informed security decision based on coordinated information, intelligence and incident enrichment activities as early in the incident response life-cycle as possible.
We speak to a lot of Security Operations Center (SOC) personnel who want information in front of them before they start investigating. This is a part of human nature. We want as much information as we can get in order to make a decision. Too often we find that SOC teams spend most of their time digging around for information that is readily available in our Enrichment package within IncMan™
Conversely another problem we see is that businesses are drowning in technology. In fact, few know how many products they have at their disposal. This is something that’s not too uncommon, the purchase of more products leads to a false sense of security. We even see businesses use manual methods of cataloging and managing cyber/physical incidents by the use of Microsoft Excel
IncMan™ can leverage all of your endpoint/gateway malware analysis, intrusion detection/prevention and even intelligence services and put them in direct control with your Incident response. IncMan™ is able to leverage and directly interface within a single manageable interface. This will not only reduce up-skill for specific interfaces allowing less reliance on specialists, but allows your team to start the following chain of events:
• Enrich your team with all the required information to not only provide your immediate reaction teams with the information for decision makers, forensic coverage and reaction protocols
• Create your containment actions based on the products you have evaluated to meet a specific requirement in a company policy that aligns with best practice
• Mitigate the incident, providing evidence to legal entities, managed service providers and internal teams
• Re-mediate and action policy updates to your incident response, orchestrating your team as well as product solutions
• Feeding and influence knowledge bases, working with intelligence services and providing more information about what happened to your required services.
If you follow our standards and best practice, this will aid your GDPR readiness, HIPAA compliance, ISO 27001 and many more. Assuring for board members and management when a breach or other cyber events occur.
If you’re interested in seeing how we can work together to grow your incident response capabilities, visit us at https://www.DFLabs.com and schedule a demonstration of how we can utilize what you already have and make it better.