Push button function acts as first response alert for any security breach
Its ‘push button’ feature helps security analysts progress from detection to threat containment to investigation with just a single click. Once activated, it will isolate and quarantine individual assets from a detection directly within and then pivot seamlessly into an investigation workflow.
The intelligent feature gives cyber defenders the necessary tools they need to dramatically accelerate containment while minimising disruption to the organisation.
Unlike automated response offerings, push-button response gives security analysts the ability to control how and when assets are quarantined based on high-fidelity detections. It is enriched with intelligence that extends from the network to the endpoint, or any computing device such as a laptop, desktop or smart phones.
“In the past five years, the detect-and-respond model that assumes the best perimeter defence will eventually be breached.
Jesse Rothstein, co-founder and CTO, ExtraHop.
Many organisations remain reluctant to invest more in this approach due to the complexity of playbook-driven response. The new push-button arms cyber defenders with the ability to rapidly and precisely quarantine compromised devices without causing massive disruption to the organisation.”
The new feature effectively detects network and endpoint attack behaviours. With threat intelligence, it can automatically quarantine impacted devices to stop breaches faster. Every second matters during a security breach, users armed with this capability can act with speed and precision, accelerating the response times while minimising the impact to the business.
New capabilities built on existing platforms for highly-targeted attacks
Security operations centre (SOC) analysts play a central role in modern security teams, because they are on the front line of cyber defence, detecting and responding to cyber attacks as they happen.
“This new capability enables faster remediation and faster time to respond, letting teams focus on critical assets and resources,” said Chris Kissel, research director, security and trust, IDC. “The focus on streamlining the work of the overburdened SOC analyst adds real value for defenders.”
Integration across multiple security platforms
Push-button response to integrate throughout various security operations platforms, worldwide:
- Unified threat intelligence: It details behavioural insights to deliver complete coverage, by analysing correlated data that is contextualised through a console.
- Real-time detection: security teams can rapidly detect threats, such as anomalies in network access privileges and suspicious remote access connections. It detects any irregular data exfiltration, ie., theft or unauthorised removal of any data from a network or device. They also can thwart attack techniques occurring on the endpoint, including ransomware, local file enumeration, process spawning, and code execution. This provides complete coverage across the entire attack surface.
- Instant response: instantly quarantines a device with a single click within the platform. This approach cuts off attacker access to network resources and endpoints, stopping an attack in progress without disrupting business or slowing the investigation workflow.
- Continuous endpoint visibility: continuously updates and maintains a list of devices impacted by threats. This alerts customers to newly connected and potentially compromised devices that need instrumentation for device-level visibility. It also extends edge visibility to include IoT devices that may not be compatible with some agents.
“With new advanced and evolving threats challenging organisations daily, security teams must act with impeccable speed and accuracy to safeguard the business from a breach.”Geoff Swaine, vice president of global programs, store, and alliances at CrowdStrike.