Organizations like NIST and SANS lay out detailed frameworks for incident handling and response. The challenge comes in applying these to real-world incident response situations.
There is a lot of security technology available, but getting it all to work together effectively can be difficult and generally requires highly skilled staff and resources, which are not always available.
Attivo Networks looked at these frameworks and built its ThreatMatrix Deception and Response platform to address preparedness and detection security gaps within these models.
Additionally, Attivo recognized that, while detection in itself is critical, to be truly useful, solutions also need to go one step further and be able to provide the in-depth attack insight to accelerate incident response.
Attivo Networks Adds ThreatOps™ to the ThreatMatrix™ Deception and Response Platform
The ThreatOps solution is designed to accelerate incident response by utilizing a multi-correlation engine that automates the analysis and forensic reporting of an incident.
This attack information is then used to create evidence-based alerts that are viewable in a threat intelligence dashboard, from which response actions can be taken through third-party integrations to block and quarantine attackers.
This functionality provides significant benefit to customers in accelerating their incident response.
The next step is addressing the challenge of aggregating and correlating attack information from multiple sources.
The ThreatOps solution was then released to provide organizations with automated playbooks based on integrations with an organization’s existing infrastructure.
The ThreatOps solution creates an environment where attack data can be aggregated from multiple sources and combined with the Attivo BOTsink attack information.
Companies can then create playbooks based on information that they would like shared with their firewalls, endpoint, NAC, and SIEM solutions, so that their security policies can automatically be applied.
This creates repeatable processes, speeds up response, and reduces complexity and staff workload.
The ThreatOps UI is based on drag-and-drop technology with guidance on the actions that can be applied. This makes it easy for security analysts of varying levels of expertise to set up and use these playbooks.
The ThreatOps solution makes great strides for easily integrating security infrastructure in order to provide continuous threat management, simplified incident response, and a stronger overall security defense.
“The Attivo vision for the ThreatMatrix Deception and Response Platform is to provide our customers with the most efficient and comprehensive solution for continuous threat management,” said Tushar Kothari, CEO of Attivo Networks.
“The addition of the ThreatOps Incident Response solution now expands the value of the ThreatMatrix solution to achieve dramatic acceleration of investigations and incident response, in addition to real-time deception-based detection.”
“Our customers are excited about the opportunity to create repeatable processes through playbooks and to be able to optimize their current infrastructure to simplify and automate their incident response.”
Benefits of the ThreatOps Solution Include:
- Incident scoring and playbooks for repeatable processes
- Automatic quarantine and attack blocking with third-party integrations
- Threat hunting through Attivo and NAC integration
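The aggregation, correlation, scoring and playbook dispatch described above can be illustrated with a small model. The following Python is an added example written for this page, not code from Attivo or the ThreatOps product: the alert sources (decoy, endpoint, SIEM), the source weights, the corroboration bonus, the rule thresholds and the connector action names are all assumptions chosen to show the shape of a playbook engine, and the connectors are simulated in-process rather than calling any real firewall, NAC or SIEM.

```python
"""Illustrative incident correlation and playbook dispatch (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed alerts from three hypothetical sources: a decoy/engagement server,
# an endpoint agent and a SIEM. Field names and values are assumptions.
SAMPLE_ALERTS = [
    {"source": "decoy", "host": "10.0.5.23", "event": "decoy_login_attempt", "severity": 4},
    {"source": "endpoint", "host": "10.0.5.23", "event": "suspicious_process", "severity": 3},
    {"source": "siem", "host": "10.0.5.23", "event": "failed_logon_burst", "severity": 2},
    {"source": "siem", "host": "10.0.7.8", "event": "failed_logon_burst", "severity": 2},
]

# Assumed weights: a decoy interaction has no legitimate business reason, so it
# carries the most evidential weight; SIEM heuristics carry the least.
SOURCE_WEIGHT = {"decoy": 3.0, "endpoint": 1.5, "siem": 1.0}


@dataclass
class Incident:
    """All alerts correlated to one internal host, plus a derived score."""
    host: str
    alerts: list = field(default_factory=list)

    @property
    def sources(self):
        return sorted({a["source"] for a in self.alerts})

    @property
    def score(self):
        base = sum(SOURCE_WEIGHT[a["source"]] * a["severity"] for a in self.alerts)
        # Corroboration bonus (assumed +25% per additional independent source):
        # evidence agreeing across systems is worth more than a single signal.
        return round(base * (1 + 0.25 * (len(self.sources) - 1)), 2)


def correlate(alerts):
    """Aggregate alerts from all sources into one Incident per host."""
    by_host = defaultdict(list)
    for alert in alerts:
        by_host[alert["host"]].append(alert)
    return {host: Incident(host, items) for host, items in by_host.items()}


# Playbook: ordered rules, first match wins. Actions are "system:verb" pairs
# that a connector for that system knows how to carry out (all hypothetical).
PLAYBOOK = [
    {"name": "contain-confirmed-intrusion", "min_score": 15, "require_sources": {"decoy"},
     "actions": ["firewall:block", "nac:quarantine", "siem:create_case"]},
    {"name": "investigate-multi-source", "min_score": 5, "require_sources": set(),
     "actions": ["siem:create_case", "endpoint:collect_forensics"]},
    {"name": "monitor", "min_score": 0, "require_sources": set(),
     "actions": ["siem:annotate"]},
]


def select_rule(incident, playbook=PLAYBOOK):
    """Return the first rule whose threshold and required sources are satisfied."""
    for rule in playbook:
        if incident.score >= rule["min_score"] and rule["require_sources"] <= set(incident.sources):
            return rule
    return None


def simulated_connector(system):
    """Stand-in for a third-party integration; records the call instead of acting."""
    def act(verb, host):
        print(f"[{system}] {verb} {host}")
        return True  # a real connector would return the API result
    return act


CONNECTORS = {name: simulated_connector(name) for name in ("firewall", "nac", "siem", "endpoint")}


def run_playbook(alerts, connectors=CONNECTORS):
    """Correlate, score, select a rule and dispatch its actions for every host."""
    outcome = {}
    for host, incident in correlate(alerts).items():
        rule = select_rule(incident)
        dispatched = []
        for action in rule["actions"]:
            system, verb = action.split(":")
            if connectors[system](verb, host):
                dispatched.append(action)
        outcome[host] = {"score": incident.score, "rule": rule["name"], "actions": dispatched}
    return outcome


if __name__ == "__main__":
    for host, result in run_playbook(SAMPLE_ALERTS).items():
        print(host, result)
```

With the constructed input, the host that touched a decoy and also raised endpoint and SIEM alerts scores 27.75 and matches the containment rule, while the host with a single SIEM heuristic scores 2.0 and is only annotated. The ordering of the rules matters: the most aggressive action requires corroboration by the highest-weight source, which is the check that keeps a single noisy SIEM rule from triggering automatic quarantine.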
Best Practices for Detecting and Mitigating Advanced Threats, 2016 Update
In their “Best Practices for Detecting and Mitigating Advanced Threats, 2016 Update,” published last March, Gartner analysts Lawrence Pingree, Neil MacDonald and Peter Firstbrook recommended “when possible, consider automating your IR investigation triage efforts with integration between forensic analysis tools and other security monitoring software to more rapidly respond to potential suspicious security events when they occur.”
They also noted as a best practice, considering “utilizing deceptions across endpoint, application, data, identity (fake credentials) and network infrastructure to enhance your advanced-threat and insider-threat detection goals.”
The ThreatOps Incident Response Solution joins the BOTsink engagement servers and decoys, the Threat Strike End-point Suite, and ThreatPath attack path visualization software, in the portfolio that makes up the Attivo ThreatMatrix Deception and Response Platform.
Attivo Networks ThreatOps in 2017 ‘ASTORS’ Homeland Security Awards Program
The 2017 ‘ASTORS’ Homeland Security Awards Program is organized to recognize the most distinguished vendors of Physical, IT, Port Security, Law Enforcement and First Responder (Fire, EMT, Military, Support Services, Vets, SBA, Medical Tech) solutions, as well as Federal, State, County and Municipal Government Agencies, and to acknowledge their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’
As an ‘ASTORS’ competitor, the Attivo ThreatOps Solution will be competing against the industry’s leading providers of innovative integrated security management systems.
Good luck to Attivo ThreatOps on becoming a Winner of the 2017 American Security Today’s Homeland Security Awards Program!
To learn more about ThreatOps and Attivo Networks’ wide range of offerings, please visit the company’s website at https://attivonetworks.com/