ProActive Defense for Next-Generation Firewall IP Blocking
- Automatically block an IP address of an attacker
- Automatically block a compromised device from outbound communication
- Proactively block IP addresses of ransomware attackers
- Works with all major Firewalls and NGFWs
ProActive Defense for User Accounts
- Automatically force a password reset of a suspicious account
- Automatically lock an account for a period of time
- Works with Active Directory and is available for other IAM tools
ProActive Defense for Network Devices
- Automatically remove or quarantine a device from the network
- Works with popular NAC tools
ProActive Defense for Investigation and Forensics
- Automatically snapshot a device image
- Works with EnCase and other tools
ProActive Defense for Trusted Circles
- Proactively block newly detected attackers discovered attacking industry peers in your trusted circle
Incident Response Orchestration Management
The volume and ferocity of cyber attacks are on the rise at every organization, and security teams are challenged to keep up with the full lifecycle of Incident Response and Remediation requirements, including:
- Investigation of detected Indicators of Attack or Indicators of Compromise
- Containment of an attack or compromise
- Recovery and remediation of an asset
- Management and measurement of the Incident Response process
- Forensic investigation and enhancement of security controls
Proficio Incident Response Orchestration Management includes people, process, and technology for orchestrating, automating, and managing responses to cyber attacks.
Runbook for alert escalation based on Use Cases
The documented Runbook maps to the Incident Response Plan and is automated to provide escalation alerts to operating teams with actions required for response.
Automated Incident Response through ProActive Defense module
ProActive Defense modules automate steps in the Incident Response process including Containment, Device Quarantine, Suspension of User Account, Snapshot of Device, Threat Intelligence Profiling, or GeoLocation Lookup.
Incident Response Coordination
A Cyber Incident Response Team may be called together to investigate, recover, remediate and discuss disclosure of an incident. Proficio can provide a single point of ownership to monitor workflow and manage this process.
Playbooks for IR Manual Response
Playbooks define the process for performing an Incident Response investigation, response, and remediation. They may automate several steps in the process through ProActive Defense modules and present the results to an IR Analyst for review and follow-up action.
Case Management to Measure the Lifecycle of Incident Response
The Proficio IR Orchestration Platform maintains a cloud-based Case Management system that records incident detection, response, and closed case metrics as well as evidentiary information in a secure system.