It's imperative for any organization to prepare for unforeseen incidents and keep its team at the ready. Our MIR platform enables you to do exactly that.
The MIR platform facilitates sharing key insights and information with others for quicker resolution of events. It enables you to explore and learn from past investigations, and you benefit from machine learning capabilities for fast, multi-linked incident investigations.
It's vital to get rid of unnecessary and repetitive processes by automating them using the customizable playbook portfolio. The MIR platform supports real-time, joint investigations using virtual war rooms, and it enables granular tracking of incident and analyst metrics.
You get playbook-driven investigation queries along with response actions. Our MIR platform has an innovative feature to auto-document all your investigations and historical searches. This leads to automatic and careful detection of duplicate investigations, and you can search across multiple domains, including investigations, incidents, and more.
No cyber security mechanism is robust unless it has been tested against a potential attack. Our Managed Incident Response tool helps you find and test exploitable vulnerabilities so that you can make your cyber defenses unbreakable.
We support integration with SIEM, EDR, Deception Technology solutions and Big Data Security Analytics through an API connection for the ingestion of event data. We also support integration with next generation firewalls, IPS, URLF, AV and WAF solutions so they can be reconfigured on the fly as the desired action for the prevention or containment of an attack. There is no need to replace existing threat detection solutions and preventive security controls if they support API integration; hence our solution offers investment protection.
We assign a risk score on a scale of 1-10 to each detected indicator of attack or pivot (IOA/IOP). The score is assigned on the basis of the characteristics picked up by the analytics tools (SIEM, EDR, etc.), heuristics, and the severity of the event classifiers. The risk score is then fed into a reinforcement learning engine to build relationships with any previously existing events. The multivariate engine also considers threat feeds and OSINT before designating a final risk score.
Well-defined incident response playbooks give the SOC team options to orchestrate the action. For example, the admins can set a threshold of 8 for automatic action, where the platform reconfigures the firewalls, URL filtering solution, WAF, antivirus hashes, router ACLs, and patterns for an anti-bot solution. If the score is below 8, the operators are taken to the threat hunting dashboard.
The platform is integrated with VirusTotal, IBM eXchange, AlienVault OTX, and OSINT for harvesting information on each potential threat event. Generally, we propose to our customers that they harvest the learnings from threat hunting for events with a risk score below 8. The threat hunting dashboard also supports SOC Orchestration actions for reconfiguring the firewall, URLF, IPS, WAF, AV, etc. With EDR solutions, deployment of the threat hunting functions can be customized to reconfigure policies, profiles, and so on.
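To make the scoring-and-routing flow above concrete, here is an added example (not the MIR platform's own code) of a triage step that builds a 1-10 risk score from the detection source, event severity, threat-feed hits and links to earlier events, then routes the indicator to automatic response at score 8 or above and to threat hunting otherwise. The weights and the sample indicators are constructed assumptions; the page does not publish the platform's scoring formula.

```python
from dataclasses import dataclass

AUTO_ACTION_THRESHOLD = 8  # page: threshold of 8 triggers automatic action

# Assumed score contributions per detection source and severity classifier.
SOURCE_BASE = {"siem": 3, "edr": 5, "deception": 6}
SEVERITY_BONUS = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Controls the playbook reconfigures on automatic action (from the page).
CONTAINMENT_CONTROLS = ["firewall", "url_filter", "waf", "av_hash",
                        "router_acl", "anti_bot_pattern"]


@dataclass
class Indicator:
    ioa_id: str
    source: str         # analytics tool that raised it: siem / edr / deception
    severity: str       # event classifier severity
    feed_hits: int      # threat feeds (VirusTotal, OTX, OSINT) flagging it
    prior_related: int  # previously seen events linked to this indicator


def risk_score(ind: Indicator) -> int:
    """Combine tool characteristics, severity, enrichment and history."""
    score = SOURCE_BASE.get(ind.source, 1) + SEVERITY_BONUS.get(ind.severity, 0)
    score += min(ind.feed_hits, 3)          # cap enrichment contribution
    score += 1 if ind.prior_related else 0  # relationship to earlier events
    return max(1, min(10, score))           # clamp to the 1-10 scale


def triage(ind: Indicator) -> dict:
    """Route to automatic containment or the threat hunting dashboard."""
    score = risk_score(ind)
    if score >= AUTO_ACTION_THRESHOLD:
        actions = [f"reconfigure:{c}" for c in CONTAINMENT_CONTROLS]
        return {"ioa": ind.ioa_id, "score": score,
                "route": "automatic_response", "actions": actions}
    return {"ioa": ind.ioa_id, "score": score,
            "route": "threat_hunting", "actions": []}


# Constructed sample queue of detected indicators.
SAMPLE_QUEUE = [
    Indicator("ioa-001", "edr", "critical", feed_hits=2, prior_related=1),
    Indicator("ioa-002", "siem", "low", feed_hits=0, prior_related=0),
    Indicator("ioa-003", "siem", "high", feed_hits=3, prior_related=1),
    Indicator("ioa-004", "deception", "medium", feed_hits=0, prior_related=0),
]

if __name__ == "__main__":
    for ind in SAMPLE_QUEUE:
        print(triage(ind))
```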
Our platform is easy to understand and operate. It's no rocket science, because it has been built to simplify.
Our team, with decades of experience in handling the blue team function, has purpose-built the MIR platform to reduce the probability of a miss or human error in incident handling by embedding artificial intelligence. Furthermore, the platform offers the use cases of SOC Orchestration and Machine Readable Threat Intelligence to enhance the overall incident handling capability.
Our MIR platform reduces the time to respond to threats because we have built a mechanism to improve the time to detect, prepare and respond. We have a process-driven MIR platform enhanced by deeply embedded machine learning that filters out irrelevant data and keeps only the data necessary to take action. We bring enrichment to this process using our global resources to solve local and global problems (attacks).
One of the bigger challenges of threat detection and action is lack of consistency. When people are involved in time-to-respond actions, they may be inconsistent, leading to inefficient actions and no learning. We solve this problem through machine learning. For quicker action, we use SOC orchestration in two parts: a] automatic incident response and b] residential response with threat hunting. While we believe in automation, you are free to choose the people-oriented approach too, depending on your threat problems.
Our MIR solution does not ingest data from just any source. We ingest data from SIEM, UEBA or threat deception platforms.
Read our musings on what’s changing and impacting the world in the field of cyber security and analytics.