The goal of Incident Response is to address and manage a security breach in a way that limits damage and reduces recovery time and costs. Your SIEM solution can identify an Indicator of Compromise (IOC) by analyzing and correlating the massive streams of machine data generated by your IT systems and technology infrastructure.
Through a seamless integration with the Splunk Adaptive Response framework, the combination of RedSeal and Splunk can significantly increase network situational awareness, give full visibility of the network access paths from an IOC to critical assets, and contain downstream risk within minutes.
ACCELERATE INCIDENT RESPONSE WITH REDSEAL ADAPTIVE RESPONSE ACTIONS
RedSeal accelerates Incident Response in two ways: by providing insights for correlation to identify IOCs, and by providing immediate answers to the following questions:
- What is the compromised device?
- Where is it located both physically and logically?
- Where can the attacker traverse to? Can it reach my critical assets via a network access path?
- What containment options are available to me?
RedSeal provides three Adaptive Response actions to quickly answer the above questions:
- Display Source Details: get the device's OS, applications, L2 information, policy group, etc.
- List Top Reachable Groups / Launch RedSeal Incident Response: identify all downstream assets that the compromised device can access, prioritized by business value and exposure; Launch RedSeal Incident Response opens more details in a separate browser window, including the L2 information on each of the reachable targets.
- View Detailed Network Access Path: display the network access path(s) from the source to the target, listing all the connected devices in between, with details on the firewall(s) and the configuration rules permitting access.
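As an added illustration (not RedSeal's or Splunk's code, and not how RedSeal itself computes paths), the following Python models the two reachability questions above on a constructed toy network: which critical assets a compromised host in a given segment can reach, ranked by business value, and which firewall rule on each hop permits that access. Segment names, firewalls, rules, ports and asset values are all made up.

```python
from collections import deque

# Constructed toy model (assumption, not RedSeal data): segments are nodes, firewalls
# join two segments and carry ordered first-match rules; unmatched flows are denied.
# Rule tuple: (action, source segment, destination segment, port).
FIREWALLS = [
    {"name": "fw-edge", "between": ("user-lan", "dmz"), "rules": [
        ("deny", "user-lan", "dmz", 22),
        ("allow", "user-lan", "any", 443),
        ("allow", "user-lan", "db-zone", 1433)]},
    {"name": "fw-core", "between": ("dmz", "db-zone"), "rules": [
        ("allow", "any", "db-zone", 1433)]},
    {"name": "fw-mgmt", "between": ("user-lan", "mgmt"), "rules": [
        ("deny", "any", "mgmt", "any")]},
]
# Critical assets: the segment they sit in, the service port exposed, a business value score.
ASSETS = {
    "web01": {"segment": "dmz", "port": 443, "value": 40},
    "sql01": {"segment": "db-zone", "port": 1433, "value": 90},
    "jump01": {"segment": "mgmt", "port": 22, "value": 70},
}

def first_match(fw, src, dst, port):
    """Return the first rule matching the flow, or None for the implicit deny."""
    for rule in fw["rules"]:
        _, r_src, r_dst, r_port = rule
        if r_src in (src, "any") and r_dst in (dst, "any") and r_port in (port, "any"):
            return rule
    return None

def access_path(src_seg, dst_seg, port):
    """BFS over segments; every firewall crossed must allow src_seg->dst_seg:port.
    Returns the (firewall name, permitting rule) hops of the first path found, else None."""
    queue, seen = deque([(src_seg, [])]), {src_seg}
    while queue:
        seg, hops = queue.popleft()
        if seg == dst_seg:
            return hops
        for fw in FIREWALLS:
            if seg not in fw["between"]:
                continue
            a, b = fw["between"]
            nxt, rule = (b if a == seg else a), first_match(fw, src_seg, dst_seg, port)
            if nxt in seen or rule is None or rule[0] != "allow":
                continue
            seen.add(nxt)
            queue.append((nxt, hops + [(fw["name"], rule)]))
    return None

def top_reachable(src_seg):
    """Assets the compromised host can reach, with their hops, highest business value first."""
    rows = [{"target": n, "value": a["value"], "hops": access_path(src_seg, a["segment"], a["port"])}
            for n, a in ASSETS.items()]
    return sorted((r for r in rows if r["hops"] is not None), key=lambda r: r["value"], reverse=True)
```

Calling `top_reachable("user-lan")` for a host compromised in the user LAN returns sql01 (via fw-edge and fw-core) ahead of web01, while jump01 is absent because fw-mgmt denies the flow, which is the kind of answer that tells the responder where containment matters most.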