A single pane of glass for Incident Response teams; instantly verify, prioritize and contain advanced threats and targeted attacks detected by industry leading security vendors.


Far too often security teams spend their time manually researching a detected security threat using a variety of disconnected tools. Threat Response provides a single pane of glass designed from the ground up for the incident response process. By bringing all the relevant threat information together in one place and helping analysts identify important relationships, Threat Response streamlines the workflow required to rapidly respond to a detected security threat. The system includes a number of key components:

  • Dashboard – see all your critical threats, open incidents and more all at a glance
  • Incident Scoring – scores are automatically adjusted as new details are discovered
  • Incident Workflow – assign incidents to analysts and collaborate in an incident
  • Incident Details – view all the collected data about an incident in one place
  • List Management – add and remove identities and hosts to/from quarantine and containment lists
  • Event Sources – view threat detection systems that will be generating alerts
  • Device Updates – view devices and update schedules for your existing infrastructure
  • Reporting – view real-time trends about malware, infected users, CNC IPs and much more

All of these components are seamlessly integrated to ensure that security teams are able to quickly analyze the collected data so that they can prioritize and respond to security threats as soon as they are detected.


Proofpoint Situational Awareness

Automatically collect important context data to quickly respond to security threats.

Many security alerts lack the critical information required to determine the context of a threat and the appropriate next steps. Threat Response automatically collects important context data to help security teams quickly understand and respond to detected security threats.

Full situational awareness requires that security teams be able to quickly determine the answers to questions such as:

  • Which user, or users, are under attack?
  • What department or group do these users belong to?
  • Do any of the user’s systems contain indicators of a successful attack?
  • Has this attack been seen before either in our environment or elsewhere?
  • Where is the attack coming from and where are the CNC nodes located?

Infection Verification

Real-time automated confirmation of infections using our built-in IOC Verification Agent.

One of the most time-consuming parts of investigating a new threat report is determining whether or not the user was actually infected (i.e. ruling out false positives). Threat Response automatically confirms infections using its built-in IOC Verification Agent.

No matter how elusive the malware, infections often leave behind telltale signs known as Indicators of Compromise (IOCs). These IOCs can include things like:

  • Processes
  • Mutexes
  • File system changes
  • Registry changes
  • And more…


Threat Containment

Integrate with existing security infrastructure to block, quarantine and protect against verified threats.

The speed at which malware can damage an organization continues to increase, so organizations need a way to instantly contain threats once they have been confirmed. Threat Response integrates with existing security infrastructure to block verified threats, quarantine infected users and protect additional users from being infected.

Organizations have made significant investments in their security infrastructure, such as firewalls and web proxies. These devices already inspect user traffic, but Threat Response helps make them more effective by updating the devices with information from detected threats.


Automated Workflows

Customize the automation of critical workflows to get the appropriate level of response for your needs.

Sometimes organizations want to review detailed information prior to responding to a detected security threat, and other times they need to contain threats instantly the moment they are detected. Threat Response provides the ability to customize the automation of critical workflows so that organizations get the appropriate level of response for their needs.

The incident response process can be time-consuming and often involves multiple members of the security team researching and confirming detected threats. Threat Response provides a workflow that was designed from the start for the incident response process.