
Visual Paradigm Online Free Edition

Endpoint Protection - Insider Threat Detection

Endpoint alarms can quickly overload a security operations team, making an efficient alert response impossible.

Problem
1. Every day, hundreds or thousands of endpoints in major corporations generate alerts linked to potential insider threats.
2. Manually performing high-volume endpoint operations in a corporate environment is inefficient and a waste of time.
3. Slow mean time to response (MTTR) results in a rapid increase in the number of wider insider threats and increased risk.

Solution

Triage endpoint-related warnings automatically and execute appropriate remedial measures.

1. EDR alert comes in to our toolkit.
2. Threat intelligence and query against CMDB for indicators; alert enriched.
3. Is it a known bad?
   Yes:
   - EDR for all affected hosts
   - Isolate infected endpoints
   - Send notification alerts
   - Open ticket on IT help desk
   No:
   - Close the record

Benefit

Our toolkit can automatically identify and address endpoint-related alerts caused by insider threats by enriching the data with internal sources like CMDB and external sources with threat intelligence, or by querying an endpoint detection and response (EDR) tool for more context, searching for other infected endpoints and then remediating with appropriate actions: killing processes, isolating the endpoints, and many more.

SOAR guarantees that all endpoint-related alerts are dealt with. Real-time response activities can be carried out, preventing events from growing and causing any major losses.
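
The triage flow from the Solution section, sketched as a small playbook. This is an added example, not code from the toolkit the page describes; the CMDB, threat-intelligence and EDR lookups are in-memory stand-ins, and every host name, indicator and function name is a constructed assumption.

```python
# Constructed sample data; every host, owner and indicator below is hypothetical.
CMDB = {
    "wks-0142": {"owner": "j.doe", "criticality": "high"},
    "wks-0377": {"owner": "a.lee", "criticality": "low"},
}
THREAT_INTEL = {"sha256:EXAMPLE-BAD": "known-bad"}   # stand-in for a TI feed
EDR_SIGHTINGS = {                                     # stand-in for an EDR query
    "sha256:EXAMPLE-BAD": ["wks-0377", "wks-0142", "lab-0009"],
}

def enrich(alert):
    """Add CMDB asset context and a threat-intelligence verdict to the alert."""
    unknown_asset = {"owner": "unknown", "criticality": "unknown"}
    return {
        **alert,
        "asset": CMDB.get(alert["host"], unknown_asset),
        "verdict": THREAT_INTEL.get(alert["indicator"], "unknown"),
    }

def affected_hosts(alert):
    """Ask the EDR stand-in for every host that reported the same indicator."""
    seen = set(EDR_SIGHTINGS.get(alert["indicator"], []))
    return sorted(seen | {alert["host"]})

def triage(alert):
    """Run the flow: enrich, decide 'known bad?', then remediate or close."""
    enriched = enrich(alert)
    if enriched["verdict"] != "known-bad":
        return {"alert": enriched, "status": "closed", "actions": []}
    hosts = affected_hosts(alert)
    actions = [("isolate", h) for h in hosts]
    actions.append(("notify", "security operations team"))
    # Hosts missing from the CMDB are called out so the ticket owner can chase them.
    unmanaged = [h for h in hosts if h not in CMDB]
    actions.append(("open_ticket", {"hosts": hosts, "not_in_cmdb": unmanaged}))
    return {"alert": enriched, "status": "remediating", "actions": actions}

if __name__ == "__main__":
    for a in ({"id": 1, "host": "wks-0142", "indicator": "sha256:EXAMPLE-BAD"},
              {"id": 2, "host": "wks-0377", "indicator": "sha256:EXAMPLE-OTHER"}):
        result = triage(a)
        print(a["id"], result["status"], result["actions"])
```

The returned action list is data only; in a real deployment each tuple would be handed to the EDR, notification and ticketing integrations, which are outside this sketch.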
