The IBM Resilient managed Incident Response Platform integrates with an organisation's existing security systems to create a single hub for incident response, allowing easy workflow configuration and process automation to transform its security posture. It empowers security teams to analyse, respond to, resolve and mitigate incidents faster using consistent, intelligent processes.
One customer, IBM itself, went from an average of 20 days to close a security incident to less than 5 days.
Although there is strong integration between QRadar and Resilient, the infographic below on the life of a security incident is applicable to any SIEM.
For a suspected malware outbreak, and based on QRadar rules, an incident is automatically created inside the IBM Resilient platform, importing relevant information about the attack and any indicators of compromise (IoCs). Resilient then generates a detailed response plan specific to the incident type and attaches any associated IoCs, such as the malware hash.
Leveraging automatic enrichment, the suspected malware is compared against threat intelligence feeds such as IBM X-Force Exchange, which confirms whether it is known malware and reveals other characteristics such as linked phishing attacks and associated source IP addresses. These details can then be used to orchestrate remediation, such as blocking the attack source through firewall changes, and to tune the SIEM so that it detects the threat more effectively.
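The alert-to-remediation workflow described above can be sketched as a small playbook. The Python below is an added illustration, not IBM Resilient's or QRadar's code and not their APIs: the SIEM alert, the threat-intelligence feed (standing in for a lookup against a feed such as IBM X-Force Exchange), the playbook task list and the internal-network allowlist are all constructed in-memory stand-ins, and the hash and IP values are fabricated. It shows the three stages in order: open the incident with the alert's own IoCs, enrich the file hash and pull in related indicators, then derive remediation actions only once the verdict is confirmed, skipping firewall blocks for internal address space and routing unknown samples to manual analysis.

```python
from dataclasses import dataclass, field
import hashlib
import ipaddress

# Constructed sample: the alert a SIEM correlation rule (e.g. a QRadar
# "suspected malware outbreak" rule) would hand to the response platform.
SAMPLE_ALERT = {
    "rule": "Suspected Malware Outbreak",
    "host": "ws-0142.corp.example",
    "file_sha256": hashlib.sha256(b"constructed sample payload").hexdigest(),
    "source_ip": "198.51.100.23",
}

# Constructed threat-intel feed keyed by file hash, a stand-in for a lookup
# against a real feed such as IBM X-Force Exchange. All values are fabricated.
THREAT_INTEL = {
    SAMPLE_ALERT["file_sha256"]: {
        "verdict": "malicious",
        "family": "example-dropper",
        "linked_campaign": "phishing wave (constructed)",
        "related_ips": ["198.51.100.23", "203.0.113.9"],
    }
}

# Response plan per incident type: the analogue of a dynamic playbook.
PLAYBOOKS = {
    "malware": [
        "Isolate the affected host from the network",
        "Collect a memory image and the suspect binary",
        "Block confirmed attacker infrastructure at the firewall",
        "Feed confirmed indicators back into the SIEM rule",
    ],
}

# Address space an automated playbook must never push a block rule for.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Incident:
    incident_type: str
    host: str
    iocs: set = field(default_factory=set)        # (kind, value) pairs
    enrichment: dict = field(default_factory=dict)  # hash -> feed record
    tasks: list = field(default_factory=list)
    actions: list = field(default_factory=list)


def create_incident(alert: dict) -> Incident:
    """Open an incident from the alert and attach the IoCs it already carries."""
    inc = Incident(incident_type="malware", host=alert["host"])
    inc.iocs.add(("sha256", alert["file_sha256"]))
    inc.iocs.add(("ip", alert["source_ip"]))
    inc.tasks.extend(PLAYBOOKS[inc.incident_type])
    return inc


def enrich(inc: Incident, feed: dict) -> Incident:
    """Compare each file hash against the feed and pull in related indicators."""
    for kind, value in list(inc.iocs):
        if kind != "sha256":
            continue
        hit = feed.get(value)
        if hit is None:
            # Unknown to the feed: keep the incident open but do not automate remediation.
            inc.enrichment[value] = {"verdict": "unknown"}
            inc.tasks.append("Submit sample for manual analysis")
            continue
        inc.enrichment[value] = hit
        for ip in hit.get("related_ips", []):
            inc.iocs.add(("ip", ip))
    return inc


def orchestrate(inc: Incident) -> list:
    """Derive remediation actions; only a confirmed-malicious verdict drives FW blocks."""
    confirmed = any(e.get("verdict") == "malicious" for e in inc.enrichment.values())
    if not confirmed:
        return inc.actions
    inc.actions.append(f"isolate host {inc.host}")
    for kind, value in sorted(inc.iocs):
        if kind != "ip":
            continue
        addr = ipaddress.ip_address(value)
        if any(addr in net for net in INTERNAL_NETS):
            continue  # internal source: leave to an analyst, never auto-block
        inc.actions.append(f"firewall block {value}")
    return inc.actions


def run_playbook(alert: dict, feed: dict) -> Incident:
    """Full pipeline: alert -> incident -> enrichment -> remediation actions."""
    inc = create_incident(alert)
    enrich(inc, feed)
    orchestrate(inc)
    return inc


if __name__ == "__main__":
    result = run_playbook(SAMPLE_ALERT, THREAT_INTEL)
    for t in result.tasks:
        print("task:  ", t)
    for a in result.actions:
        print("action:", a)
```

The split between `enrich` and `orchestrate` is deliberate: enrichment may add indicators freely, but an automated block is only emitted when the feed returns a confirmed verdict, so an unknown sample produces an incident with an analyst task and no firewall change.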
In addition, Resilient’s Dynamic Playbooks support integrations with more than 100 other systems that may be present in a typical security environment, providing clients with a seamless, centralised incident response hub.
“We invested two years in improving our security. Resilient’s Incident Response Platform was the capstone to that project – the critical piece that empowered all others.”
Chief Information Security Officer, Top 3 Credit Card Network
“Average time to close an incident has halved after three months using the platform, and it’s dropping fast.”
Senior Director of Incident Response, Fortune 5 account
An orchestration strategy allows security teams to process incidents faster and more accurately. By automating repetitive and menial tasks and delivering the right information to the right analyst at the right time, orchestration can significantly drive down mean time to respond.
For more information on orchestration, watch the video and download the solution brief.