Respond Software, innovators in Robotic Decision Automation (RDA) for security operations, announced the addition of web filtering investigation and discovery capabilities to its Respond Analyst solution.
The Respond Analyst examines data that organizations already collect but don’t have the staff, tools or expertise to analyze correctly. Using the Respond Analyst is equivalent to hiring an expert team of Tier 1 analysts.
According to the Ponemon Institute’s 2018 State of the Endpoint Report, 57% of malware is undetected by antivirus solutions, while zero-day and fileless attacks are more likely to compromise an organization than existing or known attacks.
Web filtering systems, such as Zscaler and Symantec Bluecoat, generate data about these breaches, yet because of the high volume of this data, it is not monitored for security threats.
Using the Respond Analyst to investigate and discover web filtering data, organizations can:
- Find attacks in real time, including those that may never have been found, to reduce Mean Time to Detection (MTTD) and overall attack dwell time
- Consolidate common infections into a single incident
- Use less human power, freeing financial and staff resources for other important tasks, such as incident remediation and threat hunting
The Respond Analyst is the first solution that delivers real-time monitoring and triage of web filter data. It catches malware that other controls may miss, for example because its signature is unknown or because intrusion detection or prevention systems cannot look at encrypted data, and it uses actual behavior to identify compromised systems.
The Respond Analyst combs through massive amounts of data from web filters including Palo Alto Networks, Symantec, McAfee, Cisco, Forcepoint and Zscaler, using advanced mathematics to find infected systems that are linked to command and control behavior.
Using web filter data in conjunction with Integrated Reasoning, the Respond Analyst enhances accuracy by corroborating malicious activity across multiple telemetries, reducing uncertainty.
Mike Armistead, CEO, Respond Software, said: “The Respond Analyst is the first solution to leverage the massive amount of data generated from web filters to reduce MTTD and attack dwell time in real time instead of just during forensics. For instance, the Respond Analyst can detect beaconing activity, even if it occurs on an irregular basis over a long period of time, achieving something a human analyst may never be able to detect.”
Ed Amoroso, founder and CEO, TAG Cyber, said: “Malware, zero-day exploits and other threats have become common in most enterprise settings. Until now, organizations have had no easy way to look at the mountain of data generated from their security infrastructure.
“Respond Analyst’s new web filtering capability offers innovative ways for organizations to detect adversaries in their networks, ways that previously weren’t available or even possible using human support.”