SOAR Use Case: Investigation and Response – Detecting and Disabling Compromised Credentials

The use of compromised credentials, particularly those from privileged users, is one of the most common and effective ways to breach an organization’s IT environment. Many organizations have tools that will identify potentially compromised credentials, but a combination of inaccurate detection, too many false positives, and time-consuming investigations with too many manual processes leads to slow incident response. And every minute that response is delayed makes a damaging breach more likely.

Devo SOAR playbooks can establish automated baselines of standard user behavior. When behavior varies from normal activity, you can automatically take steps to respond to the incident, either in a fully automated fashion, or by alerting appropriate personnel and letting them authorize the correct response through a one-click approval process.