Hexadite - Security Orchestration and Automation - Automated Incident Response
Fully Automated Remediation
Closed-loop resolution without human intervention.

Let Hexadite AIRS quarantine files, kill processes, block bad IPs, and take dozens of other actions automatically without human intervention.

Using Automation to Fight Automation

Alerts can number in the thousands, or tens of thousands, a month. According to a survey by International Data Corporation (IDC), 37 percent of cyber security professionals reported facing 10,000 alerts per month of which 52 percent are false positives. The end result is a swamped staff.
Bill Sweeney, SecurityWeek

The Exponential Increase in Attacks

It’s hard to overstate the massive increase in cyber attack volume. A study by Spiceworks found that in 2015, 80% of organizations experienced a security incident. To understand the motivation behind the attacks, consider the following:

In an environment where the incentive is clear, fear of prosecution is minimal due to geographic anonymity, and distribution on a worldwide scale is immediate and effectively free, it’s no surprise that the frequency and volume of attacks will continue to skyrocket.

The Exponential Increase in Alerts

Even organizations with well-staffed incident response teams cannot possibly keep up with the number of alerts manually. Despite estimates indicating that between 50% and 85% of alerts are false positives, an EMA study noted that:

  • 92% of organizations receive up to 500 alerts per day
  • 88% said their teams could investigate only 25 or fewer severe/critical events per day
  • Less than 1% of alerts categorized as severe or critical are ever investigated

Automation is the Answer

The only viable approach to the increase in alerts and scarcity of capacity is to use security orchestration and automation tools to:

  1. Automatically investigate every alert – Instead of prioritizing alerts to match capacity, use a solution to investigate every alert.
  2. Gather additional context from other systems – Automate the collection of contextual information from other network detection systems, logs, etc.
  3. Exonerate or incriminate threats – Using both known threat information and by inspection, decide whether what was detected is benign or malicious.
  4. Automate the remediation process – Once a verdict has been reached, automatically remediate (quarantine a file, kill a process, shut down a command-and-control (C&C) connection, etc.)

Fully Automated Remediation

With Hexadite AIRS, organizations are able to investigate and remediate all cyber alerts from any detection source in minutes.