INVESTIGATION & RESPONSE
Security Operations teams are inundated with alerts and lack the resources to prioritize, fully investigate, and respond to threats. While automation and playbooks provide some air cover for tier 1 analysts, there are few tools that address the needs of tier 2 and tier 3 analysts.
See how to shift focus to include detection and response by clicking on the links below to learn more.
SANS Incident Response Survey Report
Organizations must be able to make decisions about risk, detection, prevention and response that are based on a true understanding of the threats they are facing. Threat intelligence can give them that understanding and can be applied at many different levels in an organization. This, however, relies on knowing what intelligence to apply, where to get that intelligence from, and how it can be put to use.
In this survey report, you will learn…
- How CTI is being used
- What tools are supporting CTI
- A look forward for CTI
Incident Pruning: Maintaining Control within Incident Response Investigations
“Incident pruning” is the process of removing “dead end” investigation paths during an incident that have been deemed benign, irrelevant, or out-of-scope. This whitepaper by ThreatQuotient CTO Ryan Trost discusses strategies for effectively pruning an investigation to maintain security operations efficiency and focus, including incident thinning and incident deadheading.
In the news…
…we’ve shifted our focus to include detection and response, and some people talk about using Security Orchestration, Automation and Response (SOAR) tools, specifically playbooks, to accelerate response and mitigate risk.
Although spear phishing has been around for years, organizations continue to fall victim as criminals evolve their methods. According to the most recent quarterly report from the Anti-Phishing Working Group (APWG), spear phishing spiked last spring but has since remained steady, with adversaries using new techniques both to carry out their attacks and to conceal them.
A single, shared environment also allows SOC managers to coordinate actions more efficiently and effectively. They can see the analysis unfolding, which allows them to coordinate tasks between teams and monitor timelines and results.
Watch and learn…
Mixing Automation and Human Intelligence: A Recipe for Effective Investigations and Response
Watch guest speaker Joseph Blankenship, VP and Research Director serving Security & Risk Professionals at Forrester Research, and Leon Ward, VP of Product Management at ThreatQuotient, discuss how to use the right mix of automation and human intelligence to make security operations more efficient and effective.
ThreatQ Investigations Overview
The industry’s first cybersecurity situation room designed for collaborative threat analysis, shared understanding and coordinated response. ThreatQ Investigations embeds visualization and documentation in a shared environment for a greater understanding and focus throughout the analysis process.