SOAR Use Case: Investigation and Response – Automatically Quarantining Infected Hosts
Whether you’re performing your own threat detection or engaging with a service provider like an MDR to alert you to confirmed threats, without rapid response and containment capabilities, an attack can still cause significant damage to your organization. Incident response is an obviously critical component of any security program, but is often inconsistent and overly dependent on inconsistent, time-consuming manual processes involving multiple platforms. And with something such as a malware outbreak, every second response can be expedited is critical for containment.
Devo SOAR expedites both detection and response through intelligent automated playbooks. Every threat is fully investigated and triaged to follow the correct incident response process, which can be customized to meet each organization’s unique requirements and operating policies. When malware is detected, a playbook can automatically respond in multiple ways, weighing factors like severity, time of day, and asset type. For example, if malware is detected after hours, a laptop might be automatically quarantined until a security analyst can review it during regular hours, while the same response is queued up for one-click execution during normal SOC hours. No matter what the details, Devo SOAR can rapidly quarantine any number of hosts based on accurate threat detection and consistent processes that adapt to any organization’s requirements.
Related Use Cases