RESPONSE ORCHESTRATION

Eliminate Malicious Activity and Presence with Automated Incident Response Across all Parts of the Environment.

THE CHALLENGE

Successful cyberattacks entail remote control of endpoints, theft of user account credentials, running malicious processes and generating traffic to the attacker’s premises.

THE APPROACH

CYB3R-X is the only solution to provide incident response tools for cross-environment remediation: infected hosts, compromised user accounts, malicious processes and attacker-controlled network traffic.

PRE-BUILT REMEDIATION

CYB3R-X provides a pre-built remediation toolset for each entity type: file, host, network and user.

With these pre-built remediation and incident response tools, CYB3R-X accelerates and optimizes incident response workflows, equipping security teams with a full remediation arsenal without ever needing to leave CYB3R-X’s console.

USER

  • CYB3R-X detects an anomalous login attempt.
  • Disable the user locally on the host using CYB3R-X’s built-in Disable User remediation.

NETWORK

  • CYB3R-X detects a host initiating suspicious traffic to an unknown external address.
  • Block traffic from this host to the address using CYB3R-X’s built-in Block Traffic remediation.

HOST

  • CYB3R-X runs an IOC search and discovers a malicious service running on a host.
  • CYB3R-X’s built-in Delete Service remediation surgically removes the service without needing to isolate the entire host.

FILE

  • CYB3R-X detects a suspicious file running on a host.
  • Remove the file from the host for further investigation using CYB3R-X’s built-in Quarantine File remediation.

MAN IN THE MIDDLE

  • CYB3R-X detects a man-in-the-middle attack.
  • Flush the infected host’s DNS cache with CYB3R-X’s built-in DNS Remediation.

MALWARE

  • CYB3R-X’s investigation reveals live trojan malware running on a host.
  • Due to the threat’s criticality, the host is removed from the network with CYB3R-X’s built-in Isolate Host remediation.

CUSTOM REMEDIATION

CYB3R-X can extend its pre-built remediations and combine them with user-created scripts that communicate with core environment components, such as firewalls and Active Directory, as part of large-scale response orchestration workflows.

CUSTOM REMEDIATION USE CASES

BLOCK IP ON FIREWALL

CYB3R-X detects a host initiating suspicious traffic to an unknown external address.

Using CYB3R-X Response Orchestration, the responder crafts a custom remediation that combines the built-in host isolation with a script that instructs the firewall to block all traffic to and from the address.

Traffic to and from the malicious address is now blocked across the entire environment.

DISABLE USER ON ACTIVE DIRECTORY

CYB3R-X detects a suspicious user logon to a database, indicating a compromised user account.

Using CYB3R-X Response Orchestration, the responder crafts a custom remediation that combines the built-in host isolation with a script that instructs Active Directory to disable this user account.

The compromised user account is now globally disabled from logging in to any host in the environment.

CONTINUOUSLY ELEVATE RESPONSE WORKFLOWS WITH AUTOMATED PLAYBOOKS

CYB3R-X lets responders accelerate their workflows by defining automated response playbooks for various attack scenarios. Any pre-set or custom remediation action can be saved as a playbook, either by itself or chained with other remediation actions. CYB3R-X automated playbooks ensure that manual response takes place only when necessary.

DETECTED THREAT

CYB3R-X raises an alert on suspicious activity within the environment, providing responders with the tools and context to investigate the incident’s scope and impact.

MANUAL REMEDIATION

The responder uses CYB3R-X’s preset or custom remediations to fully eliminate malicious presence and activity from the environment.

SETTING PLAYBOOK

Save all the remediation actions that were used as a playbook to automate the response to future occurrences.
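The two custom remediation use cases above (Block IP on Firewall, Disable User on Active Directory) and the playbook workflow, sketched as an added example; this is illustrative code, not CYB3R-X's own, and the firewall, host and Active Directory calls are stand-ins that update an in-memory dict. It shows the properties a responder would want from a chained playbook: ordered execution, an audit log, a dry-run mode, and a halt on the first failure so later steps never run against a half-remediated incident.

```python
from typing import Callable
from dataclasses import dataclass

# Constructed in-memory state standing in for the real host, firewall and AD APIs.
STATE = {"isolated_hosts": set(), "firewall_blocks": set(), "disabled_users": set()}

@dataclass
class Action:
    name: str
    run: Callable[[dict], str]  # takes the alert context, returns a result message

def execute(actions: list[Action], alert: dict, dry_run: bool = False) -> tuple[bool, list[str]]:
    # Run actions in order; halt at the first failure and hand back to the responder.
    log = []
    for action in actions:
        if dry_run:
            log.append(f"DRY-RUN {action.name}")
            continue
        try:
            log.append(f"OK {action.name}: {action.run(alert)}")
        except Exception as exc:
            log.append(f"FAIL {action.name}: {exc}")
            return False, log
    return True, log

def isolate_host(alert: dict) -> str:  # stand-in for the built-in Isolate Host
    STATE["isolated_hosts"].add(alert["host"])
    return f"{alert['host']} isolated"

def firewall_block(alert: dict) -> str:  # stand-in for a custom firewall script
    if alert["dst_ip"].startswith("10."):  # guard: never block an internal address
        raise ValueError(f"refusing to block internal address {alert['dst_ip']}")
    STATE["firewall_blocks"].add(alert["dst_ip"])
    return f"{alert['dst_ip']} blocked environment-wide"

def disable_ad_user(alert: dict) -> str:  # stand-in for a custom Active Directory script
    STATE["disabled_users"].add(alert["user"])
    return f"{alert['user']} disabled in Active Directory"

# Playbooks keyed by alert type: built-in action chained with a custom script.
PLAYBOOKS = {
    "suspicious_traffic": [Action("Isolate Host", isolate_host), Action("Block IP", firewall_block)],
    "suspicious_logon": [Action("Isolate Host", isolate_host), Action("Disable User", disable_ad_user)],
}

def respond(alert: dict, dry_run: bool = False) -> tuple[bool, list[str]]:
    # Select the playbook for the alert type; return (success, audit log).
    return execute(PLAYBOOKS[alert["type"]], alert, dry_run)
```

Run a new playbook in dry-run mode first so the audit log shows what it would do before any host or account is touched.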