Respond Software today announced support for analysis of Endpoint Detection
and Response (EDR) data from Carbon Black, CrowdStrike and SentinelOne by
the Respond Analyst - the virtual cybersecurity analyst for security
operations. The Respond
Analyst provides customers with expert EDR analysis right out of the
box, creating immediate business value in security operations for
organizations across industries.

The Respond Analyst provides a highly cost-effective and thorough way to
analyze security-related alerts and data to free up people and budget
from initial monitoring and investigative tasks. The software uses
integrated reasoning - decision-making that leverages multiple alerting
telemetries, contextual sources and threat intelligence - to actively
monitor and triage security events in near real-time. Respond Software
is now applying this unique approach to EDR data to reduce the number of
false positives from noisy EDR feeds and turn transactional sensor data
into actionable security insights.

Mike Armistead, CEO and co-founder, Respond Software, said:
"As security teams increase investment in EDR capabilities, they not
only must find and retain endpoint analysis capabilities but also sift
through massive amounts of data to separate false positives from real
security incidents. The Respond Analyst augments security personnel with
our unique Robotic Decision Automation software that delivers thorough,
consistent and 24x7x365 analysis of security data - from network to
endpoint - saving budget and time for the security team. It derives
maximum value from EDR at a level of speed and efficiency unmatched by
any other solution today."

Jim Routh, head of enterprise information risk management, MassMutual, said:
"Data science is the foundation for MassMutual's cybersecurity program.
Applying mathematics and machine learning models to security operations
functions to improve productivity and analytic capability is an
important part of this foundation."

Jon Davis, CEO of SecureNation, said:
"SecureNation has made a commitment to its customers to deliver the right technology
that enables the right security automation at lower operating costs. The
EDR skills enabled by the Respond Analyst will make it possible for
SecureNation to continue to provide the most comprehensive, responsive
managed detection and response service available to support the
escalating needs of enterprises today and into the future."

The Respond Analyst: Integrated Reasoning Closes the EDR Gap

EDR solutions capture and evaluate a broad spectrum of attacks spanning the
MITRE ATT&CK Framework. These products often produce alerts with a
high degree of uncertainty, requiring costly triage by skilled security
analysts, which can take five to 15 minutes on average to complete. A
security analyst must pivot to piece together information from various
security product consoles, generating multiple manual queries per
system, process and account. The analyst must also conduct context and
scoping queries. All this analysis requires deep expert system knowledge
in order to isolate specific threats.

The Respond Analyst removes the need for multiple console interactions by
automating the investigation, scoping and prioritization of alerts into
real, actionable incidents. With the addition of EDR analysis, Respond
Software broadens the integrated reasoning capabilities of the Respond
Analyst to include endpoint system details - identifying incidents
related to suspect activity from binaries, client apps, PowerShell and
other suspicious entities.

Combining EDR analysis with insights from network intrusion detection, web
filtering and other network telemetries, the Respond Analyst extends its
already comprehensive coverage. This allows security operations centers
to increase visibility, efficiency and effectiveness, thereby reducing
false positives and increasing the probability of identifying true
malicious and actionable activity early in the attack cycle.

EDR Availability within the Respond Analyst

The EDR capability is already in beta deployment at several enterprises. General availability is scheduled for April 30.