Incident Response

In today’s threat environment, it’s critical to respond to incidents quickly and definitively. The absence of data, or the use of metadata-only analysis tools, can lead to a delayed or dithering response to serious security issues.

When responding to today’s threats, every second matters and having definitive data is essential.

Threats have become more advanced than the tools we use to block them. Zero-day attacks, targeted malware, social engineering, insider threats, and Advanced Persistent Threats (APT) are all designed to get around the existing defenses on your network. Network security teams need situational awareness over the players, systems, and activities on their network to bridge the gap between current defenses and the attackers’ capabilities.

Solera Networks provides DS Appliances to enable organizations to respond quickly and definitively to network security incidents.

  • When a security event has been identified, the behavior that triggered an alert from an Intrusion Detection System (IDS), malware detection appliance, or Security Information and Event Management (SIEM) system typically does not mark the first contact with this threat on your network. To ensure that the incident does not continue and that it can’t happen again, it’s important to determine the root cause of a security event. With Solera DS Appliances, you can start at the exact event when an alert was triggered and then travel backward in time – across machines, applications, people, and personas – to get the full context behind what happened. You can quickly and easily discover the initial vulnerability and source of the incident.
  • The impact of an incident is often related to the scope of the systems and data that have been accessed by an attack. Other network security tools can’t determine the scope of an incident on your network; they only alert you to a moment in time when the threat was detected. In many cases, detection tools are not set in “blocking” mode, meaning the threat is free to continue along its way. Solera DS Appliances allow you to clearly track the pathway of a threat by fingerprinting files and searching across all network data. You can see how target systems responded to threats and discover what was compromised. You can definitively determine the full picture of the incident on your network.
  • After an incident has occurred on your network, how can you be sure that it’s done? Organizations that have been the target of a high-profile breach deal with the lingering effects of the breach for months and years. With Solera DS Appliances, organizations have real-time situational awareness to know if an incident is done, if attackers are still present on the network, and if machines are still compromised. By monitoring the connections between machines and out to the Internet, it’s possible to prove that your network is secure.

Customer Quotes

“There are experts who have tested, used and proven the effectiveness of the open source tools, not to mention the fact that they work seamlessly with Solera Networks”

University CSO,
Major Eastern US University

“The speed with which we respond to events now will more than pay for the cost of this device.”

Team Leader,
Communication Team,
Major Cloud-based Software Provider

“We were interested in the device because it has deep packet capture and playback capabilities and fits so seamlessly with our analysis tools.”

Information Security Engineer,
Global Health Product Manufacturer

“We more than paid for the Appliance in the first week of use”

Senior Design Engineer,
Global Aerospace and Transportation Manufacturer

“Using the Solera Networks Appliance has saved our company well over 7 figures”

CSO,
Fortune 100 Financial Management and Equity Firm

“…It gives us the ability to look at the past in the minutest detail.”

Security Analyst,
Major US University

“This is the most valuable tool we have seen for network forensics. …We have an ‘all-seeing-eye’ into our network. We know what has happened and what is happening.”

Security Analyst,
Major US University