Set new benchmarks for Incident Response
When integrated with SIEM technology, the security orchestration, automation and response capabilities of the Huntsman Analyst Portal deliver the complete range of security information management, real-time analysis, threat verification and incident workflow automation. This leading-edge technology addresses significant challenges facing cyber security teams:
- Attacks and attackers are getting more sophisticated, harder to detect and more difficult to defend against
- A need to reduce elapsed time between attack and resolution
- Limited resources trying to process an increasing volume of alerts
Incident Response Automation – How it works
The Analyst Portal collects and processes security data in real-time, using correlation rules and machine learning techniques to identify suspicious behaviour and misuse. The software provides two automated and unique response capabilities:
- Threat verification to dramatically reduce false positives
- Delivery of a case file of all available and relevant information for threat resolution by (a) a senior analyst; or (b) machine automated action
The Benefits you will realise with Incident Response Automation
- Saves valuable time – reduces the risk window to seconds
- Provides consistency through automation
- Up to a 10-fold reduction in operating overhead, through automation of routine elements of diagnostic and resolution processes
- Delivers precise security information to operations, management and audit stakeholders
- Allows incident investigators to immediately answer key questions: ‘who, what, where, when and how’ around an alert
- Focuses security teams on true indicators of compromise
What the Analyst Portal delivers to your organisation
- Extensive data support with sensor/agent/agentless collection from syslog, event logs, file-based audit trails, XML, database query, and network flow data drawn from hundreds of sources
- Detection and analysis of, and response to, alerts and threats in real-time
- Fully integrated defence-grade incident and case file management, automated workflow and full evidential recording
- Display of real-time actionable intelligence with visibility of compromised IT assets or information flows in the event of a breach
- Clear security business intelligence interface for data-driven investigation and drill-down queries with tabbed data views and interactive filters
- Identification of security breaches, root cause analysis and investigation
- Integration with malware detection solutions such as FireEye, BlueCoat, Cisco and Checkpoint to identify, prove and resolve advanced persistent threats
- Full support for dedicated enterprise deployments, multi-tenant services and cloud environments
How the Analyst Portal integrates with 3rd Party Solutions
The Analyst Portal works with 3rd party enforcement tools such as Cisco ISE to automate security processes, enabling Rapid Threat Containment. See details of the Cisco ISE – Huntsman Analyst Portal solution here. You can also find information on Cisco Marketplace.
The Analyst Portal integrates with FireEye to resolve cyber attacks in seconds. See details on FireEye’s website.