Act quickly in the face of the threat


To contain the progression of an attack, the first minutes are critical!

In the event of a confirmed attack, the first minutes are the most crucial period for limiting the damage to the company's information system. They demand spontaneity and responsiveness from your SOC or CERT/CSIRT team in order to circumscribe the attack perimeter (identify the workstations and terminals concerned, the indicators at the origin of the alert, and what is known about the attackers' procedure and TTPs) and to activate the appropriate responses. Without a real connection between your security equipment and automated processes, however, coordinating these tasks can turn out to be time-consuming for your team.


Automate, without human intervention, your defense strategy in the event of an alert


At SEKOIA.IO, we provide teams in charge of IT security with a single platform from which they can:

• Interconnect their entire cyber ecosystem, on-premise or cloud
• Correlate and enrich all the alerts raised by their equipment in order to confirm malicious behavior
• Propose emergency response actions depending on the type of threat

They can also set up playbooks that, without human intervention, will automatically:

• Block IoCs on your security tools
• Isolate infected workstations when an alert is raised
• Directly block malicious domains that regularly generate alerts.

All these elements contribute to simplifying the daily activities of your analysts and saving them time.

Relieve your SOC team of repeated actions


Our all-in-one SOC platform natively integrates SOAR technology. It takes the form of a graphical interface whose functionalities support the automation of the standard, most repetitive daily activities of a SOC team.

Your analysts can create playbooks that automate, on a schedule or continuously, their triage, pre-qualification and enrichment actions around the alerts raised.

(Figures: Graph investigation; Dashboard Operation Center)

Increase the operational capacity of your CSIRT team


For incident response teams, this natively integrated SOAR function brings reliability, speed and a degree of peace of mind to the execution of security responses.
Concretely, CSIRT teams can rely on SEKOIA.IO’s library of ready-to-use integrations to:

• Instruct security devices to block the malware

• Isolate workstations or cut their Internet access, based on contextual information retrieved about the modus operandi of the attackers associated with this malware

• Retrieve the results of the remediation

• Inform their manager (CISO, CIO) by email or on Slack of the progress of the remediation

• Create a ticket with all the contextual elements likely to help analysts pursue their investigations…

All of these actions contribute to reducing the manual efforts of your team and to dealing with the shortage of cybersecurity personnel.

Get a step ahead with a catalog of operational playbooks


Within our SOC platform, you have access to a catalog of playbooks (automated actions) created and maintained by our teams and freely accessible to all our users. This catalog is regularly enriched so that it stays operational and efficient for all your activities:

• Collection, sorting and pre-qualification of alerts,
• Investigation and resolution of incidents.

Because no one has a better understanding of your environment and your needs in terms of cyber activities than you, we have simplified and organized the process of configuring playbooks around three components, namely:

• Triggers, which define the criteria for automatic execution
• Actions (processes or business logic) to be carried out
• Operators, which chain the different actions or business logic according to your conditions.
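As an added illustration of how these three components fit together, and of the CSIRT response chain listed earlier (block the IoC, isolate the host, collect the results, notify, open a ticket), here is a small in-memory playbook engine in Python. This is example code written for this page, not SEKOIA.IO's platform or API: the `SecurityStack` class, the alert fields and every function name are hypothetical stand-ins for real integrations, and the alerts are constructed. The point it adds to the text is what happens when one action fails: the engine records the error and keeps going, so a broken integration does not abort containment, and every outcome still ends up in the notification and the ticket.

```python
"""Minimal playbook engine: trigger -> conditional actions -> notify -> ticket.

Added example, not SEKOIA.IO code. The security stack below is a hypothetical
in-memory simulation of the tools a real playbook would drive.
"""
from dataclasses import dataclass, field
from typing import Any, Callable

Alert = dict[str, Any]

# Constructed sample alerts (hypothetical fields).
SAMPLE_ALERTS: list[Alert] = [
    {"id": "alert-1", "severity": "high", "confirmed": True, "host": "ws-0042",
     "ioc": "evil.example", "ioc_type": "domain", "host_compromised": True},
    {"id": "alert-2", "severity": "low", "confirmed": False, "host": "ws-0007",
     "ioc": "198.51.100.23", "ioc_type": "ip", "host_compromised": False},
    {"id": "alert-3", "severity": "high", "confirmed": True, "host": "ws-0101",
     "ioc": "http://bad.example/x", "ioc_type": "url", "host_compromised": False},
]


@dataclass
class SecurityStack:
    """Stand-in for firewall/EDR/chat/ticketing integrations (hypothetical)."""
    blocklist: dict[str, set[str]] = field(default_factory=lambda: {"domain": set(), "ip": set()})
    isolated_hosts: set[str] = field(default_factory=set)
    notifications: list[str] = field(default_factory=list)
    tickets: list[dict] = field(default_factory=list)

    def block_ioc(self, alert: Alert) -> dict:
        ioc_type = alert["ioc_type"]
        if ioc_type not in self.blocklist:          # e.g. this "firewall" cannot block URLs
            raise ValueError(f"unsupported IoC type: {ioc_type}")
        already = alert["ioc"] in self.blocklist[ioc_type]   # idempotent re-block
        self.blocklist[ioc_type].add(alert["ioc"])
        return {"ioc": alert["ioc"], "already_blocked": already}

    def isolate_host(self, alert: Alert) -> dict:
        self.isolated_hosts.add(alert["host"])
        return {"host": alert["host"], "isolated": True}

    def notify(self, alert: Alert, results: dict) -> dict:
        summary = ", ".join(f"{name}={r['status']}" for name, r in results.items())
        self.notifications.append(f"[{alert['id']}] remediation: {summary}")
        return {"sent": True}

    def open_ticket(self, alert: Alert, results: dict) -> dict:
        ticket = {"id": f"TCK-{len(self.tickets) + 1}", "alert": alert["id"], "context": results}
        self.tickets.append(ticket)
        return ticket


@dataclass
class Step:
    name: str
    action: Callable[[Alert], dict]
    when: Callable[[Alert], bool] = lambda a: True   # operator: condition gating the action


@dataclass
class Playbook:
    trigger: Callable[[Alert], bool]                 # trigger: criteria for automatic execution
    steps: list[Step]                                # actions, run in order
    on_complete: list[Callable[[Alert, dict], dict]]  # always run, with the collected results

    def run(self, alert: Alert) -> dict:
        if not self.trigger(alert):
            return {"alert": alert["id"], "triggered": False, "results": {}}
        results: dict[str, dict] = {}
        for step in self.steps:
            if not step.when(alert):
                results[step.name] = {"status": "skipped"}
                continue
            try:
                results[step.name] = {"status": "ok", **step.action(alert)}
            except Exception as exc:  # a failing integration must not abort containment
                results[step.name] = {"status": "error", "error": str(exc)}
        for hook in self.on_complete:
            hook(alert, results)
        return {"alert": alert["id"], "triggered": True, "results": results}


def build_playbook(stack: SecurityStack) -> Playbook:
    return Playbook(
        trigger=lambda a: a["confirmed"] and a["severity"] in {"high", "critical"},
        steps=[
            Step("block_ioc", stack.block_ioc),
            Step("isolate_host", stack.isolate_host, when=lambda a: a["host_compromised"]),
        ],
        on_complete=[stack.notify, stack.open_ticket],
    )


def run_demo(alerts: list[Alert] = SAMPLE_ALERTS) -> tuple[SecurityStack, list[dict]]:
    stack = SecurityStack()
    playbook = build_playbook(stack)
    return stack, [playbook.run(a) for a in alerts]


if __name__ == "__main__":
    stack, outcomes = run_demo()
    for o in outcomes:
        print(o)
    print(stack.notifications)
```

Running it on the three constructed alerts: alert-1 is blocked, isolated and ticketed; alert-2 does not meet the trigger and produces no action; alert-3 hits an IoC type the simulated blocker cannot handle, so its block step is recorded as an error while the notification and ticket are still created with that error as context for the analyst.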

Configuring them is accessible to any skill profile, from the most technical and experienced users to the less advanced.
