The StealthDEFEND actions engine automates security responses and connects various security applications and processes together with multi-stage actions. This allows customers to build "Playbooks" they can use to respond to threats automatically or in an ad-hoc fashion.
The ability to detect and respond to threats quickly can mean the difference between a minor incident and a breach. Achieving this level of response speed is difficult for even the most seasoned security teams. StealthDEFEND’s built-in Incident Response Playbooks can be used to automate multi-stage actions ranging from basic alerting to triggering step-up authentication, greatly reducing insider threat dwell time.
StealthDEFEND lets administrators scope user access to a variety of roles, from "Reviewer" (grants the ability to only view threats) to Threat Responders (grants the ability to view threats and execute actions) and Response Managers (grants the ability to author new Threat Response Playbooks). Permissions are scoped to Active Directory Users and Groups, allowing delegation via Active Directory.
With RBAC (Role-Based Access Control), StealthDEFEND security is managed at a level that corresponds closely to the organization's structure. Each user is assigned a role, and each role is assigned one or more privileges, all of which are easily managed via Active Directory.
StealthDEFEND allows threats to be assigned to individual users. History, action execution, and comments are all tracked in an intuitive interface.
Teams are typically working on multiple projects and tasks at any given time in an organization, and the ability to collaborate on issues is key to successful outcomes. StealthDEFEND offers the ability for multiple analysts to work with the same data and track the current state of events across team members.
StealthDEFEND administrators can associate a profile with multiple sets of credentials, to be used with Security Playbooks and Active Directory Sync.
Multi-action threat response often relies on different credentialed applications to execute a series of actions. StealthDEFEND simplifies the associated access management by allowing customers to create credential profiles that do not rely on specific usernames and passwords and are instead linked to multiple sets of credentials.
StealthDEFEND has been updated to support TLS (Transport Layer Security), an updated, more secure version of SSL. When transporting mission-critical data, we want to be sure that data has arrived safely and is delivered in a reliable manner. Using SSL/TLS at the application level achieves that goal and provides StealthDEFEND with secure browser sessions, safeguarding any sensitive data.
StealthDEFEND 1.2 now exposes additional agent data that was previously inaccessible. Security analysts benefit most when provided with centralized data, enabling more efficient security management and more comprehensive control of incoming activity. StealthDEFEND gathers a significant amount of data from various agents and now displays that information in an intuitive, easy-to-use interface.
Adds an additional layer of protection with a stronger authentication mechanism when accessing sensitive resources or in response to suspicious behavior
Removes access as a precautionary measure until the user provides additional authentication or until an administrator re-enables the account
Logs an incident for triage
Forwards incident details to a SOC for initial diagnosis
StealthDEFEND playbooks allow your organization to:
Mitigate Data Loss: Fast detection and response greatly reduces attacker dwell time and contains threats before attackers can advance to the data exfiltration stage.
Decrease Response Time: StealthDEFEND connects various security applications and processes together to orchestrate and automate the threat response process.
Provide Instant Visibility Across Teams: Automated incident response instantly notifies Global and Local SOC teams, security analysts, and remediation teams, ensuring everyone is aware of threats as they occur.
Reduce Errors & Increase Productivity: Automation removes error-prone processes from humans and frees them up to focus on high-priority threats.