When a network breach is detected, security teams need to respond quickly in order to minimize the damage. Getting to a resolution isn’t easy though, and may require lots of manual, disconnected activities and a body of data that’s often overwhelming for most analysts to interpret.
ProtectWise™ is committed to providing the security industry with an open platform that facilitates faster, more reliable threat investigations, as evidenced by our partnerships with Amazon, Gigamon, Carbon Black, Palo Alto, and Phantom Cyber. Our latest partnership with Demisto further supports that openness with a joint solution that enables security analysts to move quickly from detection to response and resolution. ProtectWise also uniquely arms security teams with limitless retrospective and forensic capabilities, to discover threats that were previously missed and to use what was discovered to remediate security events predictively in the future.
The ProtectWise Grid™ provides analysts with highly reliable detection of known and unknown threats that require their attention. It does so using multifaceted analysis techniques such as machine learning and correlation, which are performed in real time and retrospectively. Correlation is exhaustively comprehensive, matching intrusion detection signatures, reputation lists and human intelligence against customer-specific event modeling, threat intel and heuristics.
The ProtectWise Grid also provides capture, analysis and unlimited retention of full fidelity network traffic from any network, whether it’s a traditional enterprise network, cloud network or even Industrial Control System (ICS) and critical infrastructure segments, making possible a unified strategy for managing and securing the organization everywhere.
The Demisto Security Operations Platform provides automation playbooks that convert the findings of The ProtectWise Grid into action for the point products in your security infrastructure. Demisto supports over 50 different actions across more than 100 products such as firewalls, endpoint protection, reputation services, sandboxes, directory services, SIEMs, and other tools used for incident response. The integration enables faster and more accurate response to security incidents, automates threat hunting operations, and saves time.
This partnership combines automated threat detection and unlimited forensic exploration with automated security operations to deliver unparalleled incident investigation and response. Now, joint customers can use key ProtectWise threat detections and events, including detailed packet capture, to create incidents in Demisto.
Demisto’s real-time interactive investigations using ChatOps extend ProtectWise forensics exploration with a ChatBot interface, allowing analysts to auto-document and investigate even faster. The integration further extends threat protection from ProtectWise into more security environments via Demisto’s customer and partner ecosystem.
This integration is available today for ProtectWise and Demisto customers. To learn more, download our joint solution brief.