Automating Incident Response
When integrated with Huntsman Security’s Next Gen SIEM technology, the security orchestration and automated response capabilities of the Analyst Portal create Next Gen SIEM SOAR. The product delivers the complete range of security information management, real-time analysis, threat verification and incident workflow automation.
What Next Gen SIEM SOAR delivers
Next Gen SIEM SOAR optimises the resources in your security operations:
- Saves valuable time – reduces the risk window to seconds
- Provides consistency through automation
- Up to a 10-fold reduction in operating overhead, through automation of routine elements of diagnostic and resolution processes
- Delivers precise security information to operations, management and audit stakeholders
- Allows incident investigators to immediately answer key questions: ‘who, what, where, when and how’ around an alert
- Focuses security teams on true indicators of compromise
How our Next Gen SIEM SOAR works
Next Gen SIEM SOAR collects and processes security data in real-time, using correlation rules and machine learning techniques to automatically validate threats. This automation reduces the average time from threat detection to resolution (currently 73 days), cutting your organisation’s time at risk.
The product provides two automated and unique response capabilities:
- Threat verification to dramatically reduce false positives
- Delivery of a case file of all available and relevant information for threat resolution by (a) a senior analyst or (b) machine-automated action
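The two capabilities above, correlation-based detection with a verification step that discards alerts with a benign explanation, and assembly of a who/what/where/when/how case file, are illustrated by the following added example. It is not Huntsman Security's code and makes no claim about how Next Gen SIEM SOAR is implemented internally; the syslog lines, the asset inventory, the `KNOWN_SCANNER_SOURCES` allow-list and the brute-force correlation rule are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd syslog lines (not real data). Two hosts show the
# same pattern: repeated failures followed by a successful login.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z host1 sshd: Failed password for alice from 203.0.113.5",
    "2024-05-01T10:00:03Z host1 sshd: Failed password for alice from 203.0.113.5",
    "2024-05-01T10:00:05Z host1 sshd: Failed password for alice from 203.0.113.5",
    "2024-05-01T10:00:09Z host1 sshd: Accepted password for alice from 203.0.113.5",
    "2024-05-01T10:05:00Z host2 sshd: Failed password for bob from 10.0.0.8",
    "2024-05-01T10:05:02Z host2 sshd: Failed password for bob from 10.0.0.8",
    "2024-05-01T10:05:04Z host2 sshd: Failed password for bob from 10.0.0.8",
    "2024-05-01T10:05:07Z host2 sshd: Accepted password for bob from 10.0.0.8",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)

# Hypothetical context an analyst would otherwise look up by hand.
ASSETS = {
    "host1": {"role": "public web server", "criticality": "high"},
    "host2": {"role": "build agent", "criticality": "medium"},
}
# Constructed allow-list: an internal scanner that legitimately tests credentials.
KNOWN_SCANNER_SOURCES = {"10.0.0.8"}


def parse(lines):
    """Normalise raw syslog lines into event dicts, keeping the raw line as evidence."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            ev["raw"] = line
            events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, threshold=3, window_s=60):
    """Correlation rule: >= threshold failures then a success for the same
    host/user/source, all within window_s seconds of the success."""
    alerts = []
    by_key = defaultdict(list)
    for ev in events:
        by_key[(ev["host"], ev["user"], ev["src"])].append(ev)
    for (host, user, src), evs in by_key.items():
        failures = []
        for ev in evs:
            if ev["outcome"] == "Failed":
                failures.append(ev)
            else:  # Accepted
                recent = [f for f in failures
                          if (ev["ts"] - f["ts"]).total_seconds() <= window_s]
                if len(recent) >= threshold:
                    alerts.append({"host": host, "user": user, "src": src,
                                   "failures": recent, "success": ev})
                failures = []
    return alerts


def verify(alert):
    """Threat verification: suppress alerts that known benign context explains."""
    if alert["src"] in KNOWN_SCANNER_SOURCES:
        return False, "source is a registered internal scanner"
    return True, "no benign explanation found"


def build_case_file(alert, reason):
    """Assemble the who/what/where/when/how record an investigator needs."""
    return {
        "who": alert["user"],
        "what": "brute-force pattern followed by successful login",
        "where": {"host": alert["host"], **ASSETS.get(alert["host"], {})},
        "when": {"first_failure": alert["failures"][0]["ts"].isoformat(),
                 "success": alert["success"]["ts"].isoformat()},
        "how": f"{len(alert['failures'])} failed passwords then accepted "
               f"password from {alert['src']}",
        "verification": reason,
        "evidence": [e["raw"] for e in alert["failures"]] + [alert["success"]["raw"]],
    }


def run_pipeline(lines):
    """Return (case files for verified threats, suppressed alerts with reasons)."""
    cases, suppressed = [], []
    for alert in correlate(parse(lines)):
        ok, reason = verify(alert)
        if ok:
            cases.append(build_case_file(alert, reason))
        else:
            suppressed.append({"host": alert["host"], "user": alert["user"],
                               "reason": reason})
    return cases, suppressed


if __name__ == "__main__":
    verified, dropped = run_pipeline(SAMPLE_LOGS)
    print(f"{len(verified)} case file(s), {len(dropped)} alert(s) suppressed")
```

Both hosts trigger the correlation rule, but only the alert on host1 survives verification; the host2 activity is explained by the scanner allow-list and is recorded as suppressed rather than silently dropped, so the decision itself remains auditable. The surviving case file carries the raw evidence lines alongside the asset context, which is what lets an analyst or an automated action act on it without re-querying the log store.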
Next Gen SIEM SOAR features
Key capabilities of Next Gen SIEM SOAR:
- Detection and analysis of, and response to, alerts and threats in real-time
- Extensive data support with sensor/agent/agentless collection from syslog, event logs, file-based audit trails, XML, database query, and network flow data drawn from hundreds of sources.
- Fully integrated incident and case file management, automated workflow and full evidential recording
- Display of real-time actionable intelligence with visibility of compromised IT assets or information flows in the event of a breach
- Integration with malware detection solutions such as FireEye, BlueCoat, Cisco and Checkpoint to identify, prove and resolve advanced persistent threats
Next Gen SIEM SOAR dashboard
Integrates with a variety of 3rd party solutions
Next Gen SIEM SOAR (incorporating Analyst Portal) works with 3rd party enforcement tools such as Cisco ISE to automate security processes, enabling Rapid Threat Containment. You can also find information on Cisco Marketplace.
Next Gen SIEM SOAR (previously called ‘Analyst Portal’) integrates with FireEye to resolve cyber attacks in seconds. See details on FireEye’s website.