Intrusion Response Orchestration

Automated, Orchestrated Security Response

Attackers and malicious code move fast. When monitoring and prevention efforts do not stop an attack from happening, fast action is needed to block active attacks, contain compromises and minimize damage. When an attacker is scanning your network, a compromised device is communicating with a malicious external location, or malware is propagating laterally, a manual response is often not fast enough to contain the threat and prevent a breach.

Proficio’s orchestrated defense is a cloud-based service option within Proficio’s Security Operations as a Service that triggers when high-fidelity threats are detected. A defense software module can perform any of the following reactive or proactive Incident Response or Prevention Actions:

Active Defense for Next-Generation Firewall IP Blocking
  • Automatically block an IP address of an attacker
  • Automatically block a compromised device from outbound communication
  • Proactively block IP addresses of ransomware attackers
  • Works with all major firewalls and NGFWs

Defense for User Accounts
  • Automatically force a password reset of a suspicious account
  • Automatically lock an account for a period of time
  • Works with Active Directory and available for other IAM tools

Defense for Network Devices
  • Automatically remove or quarantine a device from the network
  • Works with popular NAC tools

Defense for Investigation and Forensics
  • Automatically snapshot a device image
  • Works with EnCase and other tools

Defense for Trusted Circles
  • Proactively block newly detected attackers discovered attacking industry peers in your trusted circle

Incident Response Orchestration Management

The volume and ferocity of cyber attacks are on the rise at every organization, and security teams are challenged to keep up with the full lifecycle of Incident Response and Remediation requirements, including:

  • Investigation of detected Indicators of Attack or Indicators of Compromise
  • Containment of an attack or compromise
  • Recovery and remediation of an asset
  • Management and measurement of the Incident Response process
  • Forensic investigation and enhancement of security controls

Proficio Incident Response Orchestration Management includes people, process, and technology for orchestrating, automating, and managing responses to cyber attacks.

Runbook for alert escalation based on Use Cases

The documented Runbook maps to the Incident Response Plan and is automated to deliver escalation alerts to operating teams, together with the actions required for response.

Automated Incident Response through ProActive Defense module

Proficio defense modules automate steps in the Incident Response process, including Containment, Device Quarantine, Suspension of User Account, Snapshot of Device, Threat Intelligence Profiling, and GeoLocation Lookup.

Incident Response Coordination

A Cyber Incident Response Team may be called together to investigate, recover, remediate and discuss disclosure of an incident. Proficio can provide a single point of ownership to monitor workflow and manage this process.

Playbooks for IR Manual Response

Playbooks are a defined process for performing an Incident Response investigation, response and remediation. A playbook may automate several steps in the process through ProActive Defense modules and then present the results to an IR Analyst for review and follow-up action.

Case Management to Measure the LifeCycle of Incident Response

The Proficio IR Orchestration Platform maintains a cloud-based Case Management system that records incident detection, response, and closed-case metrics, as well as evidentiary information, in a secure system.
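As an added illustration of how the runbook, playbook and case-management pieces above fit together (example code written for this page, not Proficio's own platform), the Python below gates automatic actions on detection fidelity, applies a time-limited account lock, escalates protected assets to an analyst instead of quarantining them, and records a time-to-respond metric on the case. Alert fields, use-case names, thresholds and the protected-host list are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed alerts; the field names are assumptions, not a vendor schema.
ALERTS = [
    {"id": "A1", "use_case": "outbound_c2", "fidelity": 0.95, "src_ip": "10.0.5.17",
     "user": "jsmith", "host": "WS-017", "detected": "2024-03-04T02:10:00"},
    {"id": "A2", "use_case": "inbound_scan", "fidelity": 0.60, "src_ip": "203.0.113.9",
     "user": None, "host": None, "detected": "2024-03-04T02:12:00"},
]

# Runbook: use case -> ordered response actions, mirroring the action groups on this page.
RUNBOOK = {
    "outbound_c2": ["block_outbound", "quarantine_device", "snapshot_device", "lock_account"],
    "inbound_scan": ["block_attacker_ip"],
}
FIDELITY_THRESHOLD = 0.90           # only high-fidelity detections execute automatically
PROTECTED_HOSTS = {"DC-01"}         # assumed assets that are never auto-quarantined
LOCK_DURATION = timedelta(hours=4)  # account locks are time-limited, not permanent

@dataclass
class Case:
    alert_id: str
    actions_taken: list = field(default_factory=list)  # stand-ins for connector calls
    escalated: bool = False
    time_to_respond_s: float = 0.0

def run_playbook(alert, now_iso):
    """Apply the runbook to one alert and return the case record for it."""
    case = Case(alert["id"])
    now = datetime.fromisoformat(now_iso)
    if alert["fidelity"] < FIDELITY_THRESHOLD:
        # Below the fidelity gate: hand to an analyst, take no automatic action.
        case.escalated = True
        case.actions_taken.append("escalate_to_analyst")
    else:
        for action in RUNBOOK.get(alert["use_case"], []):
            if action == "quarantine_device" and alert["host"] in PROTECTED_HOSTS:
                case.escalated = True   # protected asset: analyst decides, playbook continues
                case.actions_taken.append("escalate_to_analyst")
                continue
            if action == "lock_account":
                until = (now + LOCK_DURATION).isoformat()
                case.actions_taken.append(f"lock_account:{alert['user']}:until={until}")
            else:
                target = alert["src_ip"] if action.startswith("block") else alert["host"]
                case.actions_taken.append(f"{action}:{target}")
    detected = datetime.fromisoformat(alert["detected"])
    case.time_to_respond_s = (now - detected).total_seconds()  # closed-case metric
    return case
```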

Now when I come in on Mondays, I’m not coming in to a nightmare that popped up over the weekend.