Hexadite - Security Orchestration and Automation - Automated Incident Response
Investigations That Learn From Results
Investigating alerts shouldn’t be linear. With Hexadite AIRS, the result of one investigation can kick off multiple, parallel investigations.
Intelligent Investigations

The process of investigating cyber alerts has traditionally taken the form of a linear, checkbox-oriented playbook. The approach is similar to providing a recipe to follow: give a cyber analyst a list of actions to perform, and when the list is complete the job is done.

However, a linear approach to cybersecurity incident response addresses only the threat currently in front of the analyst. The “incident response cookbook” method ignores what previous investigations found when a new threat appears. With new malicious threats identified every minute, organizations need a feedback loop between newly identified threats and the ability to run new investigations based on historic information.

Results Informing New Investigations

With Hexadite AIRS, the result of one investigation can kick off multiple, parallel investigations. For example, an investigation can uncover malware on one endpoint that is communicating with a known malicious IP address. Hexadite AIRS will immediately launch parallel investigations, looking for any other endpoints with connections to the IP address.

When Hexadite AIRS incriminates a file or process that was previously determined to be benign, the system automatically investigates and remediates endpoints with the malicious entity present.

Attacks Move and Morph Quickly

When Hexadite AIRS identifies malware, a CNC connection, ransomware, or any other threat, it assumes that the single instance on one endpoint isn’t the extent of the attack. Instead, Hexadite AIRS looks for lateral movement, other machines exhibiting suspicious behavior, and rigorously investigates all systems to understand the full extent of the threat.
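The fan-out and re-investigation described above, as an added illustration that is not Hexadite's own code: a breadth-first pivot over constructed endpoint telemetry, where each incriminated indicator flags the endpoints that carry it and surfaces the next indicator to chase, and an overturned "benign" verdict re-opens the investigation. The allowlist of shared infrastructure is an assumption added so that an IP every host contacts does not incriminate the whole fleet.

```python
from collections import deque

# Constructed sample telemetry, not real data: per endpoint, the
# (process_hash, remote_ip) pairs seen in outbound connections.
TELEMETRY = {
    "host-a": [("hash-1", "203.0.113.5"), ("hash-1", "198.51.100.7")],
    "host-b": [("hash-3", "203.0.113.5")],
    "host-c": [("hash-3", "192.0.2.9")],
    "host-d": [("hash-4", "192.0.2.9")],
    "host-e": [("hash-5", "198.51.100.7")],
}
# Assumed allowlist: indicators too common to pivot on (e.g. an update
# service every host contacts); pivoting through them flags the fleet.
PIVOT_ALLOWLIST = {"198.51.100.7"}


def pivot_investigation(seeds, telemetry, allowlist=PIVOT_ALLOWLIST):
    """Breadth-first pivot: a seed indicator (IP or hash judged malicious)
    flags every endpoint whose records contain it, and the other half of
    each such record (the process that contacted a bad IP, or the IP a bad
    process contacted) becomes a new indicator to investigate in turn.
    Returns (flagged_endpoints, incriminated_indicators)."""
    queue = deque(s for s in seeds if s not in allowlist)
    incriminated = set(queue)
    flagged = set()
    while queue:
        ioc = queue.popleft()
        for host, records in telemetry.items():
            for proc_hash, ip in records:
                if ioc not in (proc_hash, ip):
                    continue
                flagged.add(host)
                for new in (proc_hash, ip):
                    if new not in incriminated and new not in allowlist:
                        incriminated.add(new)
                        queue.append(new)
    return flagged, incriminated


def on_verdict_change(indicator, new_verdict, verdicts, telemetry):
    """Re-open the investigation only when an earlier 'benign' verdict is
    overturned; returns the endpoints that now need remediation."""
    old = verdicts.get(indicator, "benign")
    verdicts[indicator] = new_verdict
    if old == "malicious" or new_verdict != "malicious":
        return set()
    return pivot_investigation({indicator}, telemetry)[0]
```

Running the pivot with an empty allowlist shows the failure mode: the shared IP pulls host-e into the incident even though only its contact with common infrastructure links it.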
