DATASHEET
Continuous, Automated Incident Response: Resolution1 Weaponized CDM
The Power of Resolution1 Platform for CDM

The Resolution1 Platform is a Continuous, Automated Incident Resolution (CAIR™) platform, delivering the critical capabilities necessary to detect, analyze, and resolve any data event, from security breaches to e-discovery and other governance, risk and compliance (GRC) issues. It integrates network, endpoint, malware analysis and remediation technologies into a single, scalable platform. This makes it possible for all security and compliance teams to do their jobs using one platform, automating tasks and collaborating in real time to address any security incident.

With the Resolution1 Platform, several critically important CDM tool functional area requirements are met or exceeded. These include:

MANAGE SECURITY RELATED BEHAVIOR: Continuous monitoring of the network and endpoints, including assets that are not logged into your network, allows you to quickly identify unaccepted or malicious behavior. If anomalous behavior is identified, you can kill processes or isolate the endpoint with a single mouse click. (Functional Areas 7)

PREPARE FOR CONTINGENCIES AND INCIDENTS: Real-time threat detection that uses threat intelligence to achieve rapid detection, together with the ability to perform regular scans for unknown threats and anomalous behavior, is an integral step in preparation, as is the ability to set automation parameters for automated isolation and response in the event that a threat is detected. (Functional Areas 10)

RESPOND TO CONTINGENCIES AND INCIDENTS: Agencies require full-spectrum incident response capabilities with complete visibility into and analysis of network, endpoints and malware. Having this all integrated into a single platform with automation capabilities streamlines the process, facilitates collaboration and communication, and reduces response time significantly. (Functional Areas 11)

MANAGE AUDIT INFORMATION: The continuous monitoring described above is complemented by the ability to generate reports up and down the chain of command. This is further supported by a virtual war room for all teams so that they can work synchronously to detect, analyze, and remediate compromises. (Functional Areas 14)
Faster Resolution, Increased Visibility & Contextual Details

Resolution1 provides the most complete set of tools for CDM response because it provides automated response to incidents and complete visibility, as shown in the infographic on the following page.
GLOBAL HEADQUARTERS +1 844 407 2178 1100 Alma Street Menlo Park, CA 94025 USA
Weaponized Incident Response

Identify all compromised systems and automatically isolate in seconds.
Automatically kill malicious processes, as they are detected, to prevent widespread damage.
Auto-correlate endpoint and network data with your customizable ThreatBridge threat intel library to establish context and gain actionable intelligence.
Perform advanced volatile data/memory analysis.
Facilitate real-time collaboration and communication with stakeholders.
Learn the behavior and intent of suspicious binaries in seconds without running the code in a sandbox.
Correlate host and network data to determine root cause, proliferation and all actions being performed.
Play back incidents in real time with Blackbox™ capabilities on the endpoints and network, including visibility into social media and chat activity, as well as SSL- and SSH-encrypted communications.
Use the intelligence gathered to build threat profiles and IOCs to monitor for recurrence and improve your security posture.
"Security demands real-time, automated response. Integrating my SIEM with Resolution1 has reduced our response times from 12 hours to 2.5 hours."
Golan Ben-Oni, CSO and SVP of Network Architecture, IDT Corporation
NORTH AMERICAN SALES +1 844 407 2178 Fax: +1 801 765 4370
www.Resolution1Security.com
ThreatBridge™ is a key component of the Resolution1 Platform that allows threat intelligence from virtually any source to be consumed and weaponized. The following are ways in which ThreatBridge detects and responds to more threats faster, with the increased visibility and contextual detail required to prioritize incidents, respond rapidly, and remediate with confidence.
[Infographic: ThreatBridge™]

REAL-TIME ENDPOINT THREAT DETECTION
Monitor endpoints in real time, auto-correlating with threat intel to identify threats as they happen.

REAL-TIME NETWORK THREAT DETECTION
Monitor network traffic in real time, auto-correlating with threat intel to identify threats as they happen.

HUNT FOR THREATS
Proactively hunt for threats using IOCs and YARA rules.

INCIDENT TRIAGE
Analyze endpoints & auto-correlate with ThreatBridge to validate threats, establish context and prioritize.

USING INTELLIGENCE GATHERED DURING INCIDENT ANALYSIS, UPDATE YOUR IOC AND THREAT FEED LIBRARIES

THREAT INTEL
IP Reputation, Open Source, Malicious URL, Actionable Observable Content, Phishing Email, Internally Developed, Trusted Partners, IOCs, YARA Rules

SIEM, Next-Gen Firewall, Next-Gen Malware Detection

LEARN MORE www.Resolution1Security.com