The Respond Analyst™

The Respond Analyst™ is the first product to provide automated expertise where it’s most valuable – when deciding whether to escalate an incident. Our software works as a seasoned security analyst to tackle high-volume, human-challenging use cases quickly, consistently and accurately. And our software doesn’t require arduous configuration, months of learning or ongoing security engineering to deliver its results.

By taking on these use cases, the Respond Analyst™ enables your team to expand the SOC’s coverage, staff more proactive and complex investigations and only spend time on incidents that matter.

1st Expert System for Security Operations

At its core, the Respond Analyst™ is a modern expert system that emulates the decision-making ability and judgment of a skilled security analyst. Like a veteran security expert, the Respond Analyst:

  • Distills data and alerts from an organization’s existing security technologies and contextual sources that are relevant to a potential incident
  • Performs multi-dimensional analytical checks and probabilistic scenario simulations via its patent-pending PGO™ technology to determine the likelihood, extent and severity of a potential incident and whether it should be escalated to Incident Response
  • Presents cases that detail the evidence supporting individual escalations
  • Solicits feedback to improve the decision analysis over time

Because the Respond Analyst™ is software, it performs every security check, every time, without fatigue or distraction, at a scale that works for even the largest enterprise or agency. In addition, the Respond Analyst™ provides metrics about its performance and information for compliance audits, and maintains a SOC’s tribal security knowledge 24 hours a day, 365 days a year.

The Respond Analyst™ is available for two security use cases that can work independently or together:

  • Network Intrusion: malicious and actionable intrusions into networks based on IDS/IPS alerts, including Palo Alto Networks, Trend Micro TippingPoint, Cisco FirePower and Fortinet's FortiGate
  • System Compromise: compromised endpoints and systems based on enterprise endpoint platforms, such as Tanium

Respond Analyst™ leverages and adds value to the following information sources:

  • Existing security data repositories and SIEM infrastructure, such as Splunk, Hadoop, HPE ArcSight, IBM QRadar and other SIEM connector technology
  • Security endpoint information, such as Tanium
  • Contextual sources such as vulnerability scans, IP reputation and asset and network information
  • Learning derived from historical pattern analysis, global trends and feedback from incident responders

The Old Approach

Organizations spend significant time and money training security analysts to monitor consoles, evaluate incoming alerts and determine if incident response is required. Analysts are asked to connect the dots between disparate security-related events, determine the context of assets involved, and evaluate the scope of the attack by remembering patterns and trends.

Today’s SOCs struggle to keep up and have become more and more reactive over time.  Security engineers are overwhelmed with content to develop and maintain.  Attrition of skilled security analysts sets SOCs back in terms of the capacity to handle events and the number of capable resources knowledgeable about their environment.

The New Approach

From day one, the Respond Analyst™ starts as an expert that augments your current SOC team. 

Respond’s unique PGO™ technology enables the Respond Analyst™ to reason like an expert security analyst – effectively becoming a SOC team member that specializes in high-volume, low-signal use cases – without the need for constant content creation and management. The Respond Analyst™ keeps up as your business scales, is highly consistent and accurate in its analysis and extends the SOC’s security coverage as a whole.

Further, the Respond Analyst™ retains the tribal knowledge of your organization’s environment, and learns and adapts to new threats specific to your organization, your supply chain or the surrounding industry.

Proof, not Hype

We invite you to try our product.  We don’t require programming, lengthy set-ups or tedious rule building.  We can demonstrate our solution with historic data or run it as part of your operation.  In either case, we’ll show you exactly how the Respond Analyst™ can provide value to your Security team.
