real-time-robotic_decisionv3

Real-time robotic decision automation

  • Integrated reasoning works across all available data sources for better decisions, faster
  • Working at machine speed, data is analyzed, scoped and prioritized
  • 100% coverage means no need to filter, tune-down or ignore alerts
  • Always on, continuous monitoring, analysis and triage at a fixed cost
analysis_green

Security analysis specific to your organization

  • Leverage support for STIX/TAXII to bring in specialized threat intelligence
  • Vulnerability scanner integration assists the software in making more informed decisions
  • Classifying assets & users helps manage the risk posed by breaches
  • Combined contextual resources reduce the false positive incident escalations
incidents_teal

Dynamic scoping, prioritization, and notification

  • Fully vetted incidents with explanation of why they were escalated
  • Incidents are re-scoped and prioritized as new evidence is uncovered
  • Automated real-time notifications via PagerDuty
SecurityIncidents-1024x706

Seamless feedback, learning and integrations

  • Thumbs up/down dialog enables your feedback on escalation
  • Global learning provides more experience than the most experienced human analysts
  • Fits immediately into your current SIEM & SOAR tools
  • Easily connects to case management and ticketing systems

Frequently Asked Questions about the Respond Analyst

  • How is the Respond Analyst different from a SIEM?
    1

    • SIEMs use rules to reduce the number of security events that security teams analyze – in other words, funneling the data to a capacity that a team can manage. The Respond Analyst flips that funnel using all available data to make better security decisions, faster. The pre-built decision models are ready to work on day one – no training or rules writing required. Adding the Respond Analyst to a security team is like adding dozens analysts.

  • We have implemented SOAR – how does the Respond Analyst fit?
    2

    • SOAR platforms can be programmed by security engineering teams to automate analyst tasks both upstream, ie., data collection, correlation, enhancement, and downstream ie. assisting in responding to low-level, repetitive security events. The Respond Analyst is pre-built software that automates the analysis, investigation and triage ‘at the front line’ of security decision-making, vetting all events before the SOAR needs to take. The Respond Analyst is ready to work on day one, no programming required and elevates security teams to remediation and response activity.

  • What’s the difference between "event" and security "incident" or "situation"?
    3

    • A security event is a single occurrence that theoretically indicates suspicious activity. Sensors like firewalls, web proxy monitors and end point protection solutions generate thousands to millions of individual events on a daily basis that may or may not be an indication of a threat. The Respond Analyst considers all available security events – analyzing, investigating and correlating them into security incidents that are scoped and prioritized for security teams to take action on. The Respond Analyst only escalates vetted security incidents and updates the scoped escalation additional related security data becomes available.

  • We use an MSSP for frontline monitoring and triage. How is the Respond Analyst different?
    4

    • MSSP’s are challenged with the same ‘people in front of console’ as any internal SOC. MSSP’s are narrowing down the data their teams analyze use rules and something sensor filters –most likely less than 10% of your data is getting analyzed. Further, MSSP’s escalate individual events that seem suspicious. Using the same number of team members, you have today, you improve your coverage and capacity and only spend time on vetted security incidents that have the data to back them up.

Automated Security Analysis and Triage

Security analysis software that provides full coverage across hard to diagnose use cases

auto_txt-1
rsaround

The Respond Analyst Intelligent Decision Engine

cmpicon

Escalates Vetted Security Incidents

Use Cases (Not Inclusive)

  • Targeted campaigns
  • Client-side exploitation
  • Command & Control traffic
  • Data exfiltration
  • Propagating malware between hosts
  • Destructive or modern malware, i.e. Ransomware
  • Infections on sensitive or critical systems
  • Network exploitation, inbound & lateral
  • Internal reconnaissance
the-respond-analyst-an-xdr-engine-data-sheet

DOWNLOAD

The Respond Analyst, an XDR Engine Data Sheet

The Respond Analyst, an XDR Engine, is the first decision automation system for cybersecurity. With the speed, scale and consistency, the Respond Analyst is ready to go to work, out-of-the-box.

DownLoad