Incident Response Platform is a hub from which businesses can coordinate and track how security teams react to malicious events, says John Oltsik, an analyst with Enterprise Strategy Group.
The run books list tasks that need to be done -- call the FBI, alert the corporate legal team, re-image affected machines, etc. -- record who has been assigned each task, alert them, set deadlines and track progress toward accomplishing each goal. The platform sends reminders of looming deadlines and alerts when they are missed. "It's a real-time crisis coordination system," Schneier says.
Incident Response Platform connects with existing network security systems such as SIEMs and uses that information in concert with a dozen intelligence feeds that supply data about known attacks and indicators of compromise. That knowledge is used to define what's happening during an attack and to map out the response. With Action Module, security teams can execute mitigation from the same platform.
Action Module is available now.