When an organisation detects a compromise, rapid incident response can mean the difference between quick containment and a damaging data breach. LogRhythm’s Technology Alliances team works closely with our Technology Partners to build meaningful SmartResponse™ Plug-ins that close the loop within your security product ecosystem. Whether it’s automating common investigation tasks or streamlining remediation and response, SmartResponse will empower your team to work smarter and faster. Here are a few SmartResponse integration highlights:
Carbon Black Response is a next-generation endpoint detection and response platform with complete visibility and real-time response capabilities. Our LogRhythm SmartResponse Plug-in issues commands through Carbon Black’s Live Response to enable a number of critical actions, such as working with processes, files, and memory—as well as host isolation. These actions allow the incident responder and forensicator to research, respond, and remediate in real time.
CyberArk is the global leader in privileged account security and delivers a complete solution to manage and reduce the risk associated with privileged credentials. The CyberArk SmartResponse Plug-in utilises the CyberArk Response Manager to allow an alarm or analyst to interact with the Enterprise Password Vault. SmartResponse can disable and enable users, force a credential change, and adjust the security policies around a credential. High priority alarms or suspicious activity uncovered by an analyst can quickly lock down credentials—limiting the impact an attacker can have on an environment.
Domain Name System (DNS) is critical and ubiquitous. Attackers exploit this to move quickly through your network and to maintain control of compromised hosts. Infoblox’s Grid Master exposes a REST API that SmartResponse can utilise to add IPs and fully qualified domain names to an Infoblox Response Policy Zone (RPZ). Using this integration, your organisation can block responses for malicious DNS names across all hosts, or block all DNS resolution from an infected system on an internal network.
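To make the two RPZ use cases above concrete, here is an added example (not LogRhythm’s SmartResponse code and not Infoblox’s own tooling) that turns an indicator from an alarm into the RPZ rule a REST call would create: a malicious name becomes a "no such domain" rule for the name and everything beneath it, a malicious IP becomes a response-IP trigger, and an infected internal host becomes a client-IP trigger that denies it all resolution. The zone name, Grid Master URL and WAPI version are constructed placeholders; the object names (`record:rpz:cname`, `record:rpz:cname:ipaddress`, `record:rpz:cname:clientipaddress`), the meaning of an empty `canonical` (NXDOMAIN) and the `rpz-ip`/`rpz-client-ip` owner-name format are my reading of the Infoblox WAPI and the RPZ specification, so check them against the documentation for your Grid Master version before relying on them.

```python
"""Added example: build Infoblox RPZ block rules from alarm indicators.

Not LogRhythm or Infoblox code. Object names and field semantics are assumptions
drawn from the Infoblox WAPI as I understand it; verify against your version.
"""
import base64
import ipaddress
import json
import re
from typing import Dict, List, Optional
from urllib import request

RPZ_ZONE = "rpz.example.internal"                               # constructed placeholder
WAPI_BASE = "https://gridmaster.example.internal/wapi/v2.11"    # assumed URL and version

# Conservative host-name check: two or more labels, letters/digits/hyphen/underscore.
_FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z0-9-]{2,63}$")


def classify(indicator: str) -> str:
    """Return 'ip' for a literal IPv4/IPv6 address, 'fqdn' for a plausible host name."""
    try:
        ipaddress.ip_address(indicator)
        return "ip"
    except ValueError:
        pass
    name = indicator.strip().rstrip(".").lower()
    if not _FQDN_RE.match(name):
        raise ValueError(f"not an IP address or FQDN: {indicator!r}")
    return "fqdn"


def rpz_ip_label(ip: str, prefix: Optional[int] = None) -> str:
    """Encode an address the way RPZ triggers do: <prefix>.<reversed groups>.

    IPv4 10.0.0.5 -> 32.5.0.0.10; IPv6 2001:db8::1 -> 128.1.zz.db8.2001,
    where 'zz' stands in for the compressed '::' run (RPZ convention).
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        prefix = 32 if prefix is None else prefix
        groups = str(addr).split(".")
    else:
        prefix = 128 if prefix is None else prefix
        groups = addr.compressed.replace("::", ":zz:").strip(":").split(":")
    return f"{prefix}." + ".".join(reversed(groups))


def _rule(obj: str, owner: str, comment: str) -> Dict:
    # canonical "" means BLOCK (no such domain) in the Infoblox WAPI as I understand it;
    # "*" would mean BLOCK (no data) and "rpz-passthru" an allow-list entry.
    return {"object": obj,
            "body": {"name": f"{owner}.{RPZ_ZONE}", "canonical": "",
                     "rp_zone": RPZ_ZONE, "comment": comment}}


def block_domain(fqdn: str, include_subdomains: bool = True, comment: str = "") -> List[Dict]:
    """NXDOMAIN rules for a malicious name and, by default, every name beneath it."""
    name = fqdn.strip().rstrip(".").lower()
    owners = [name] + ([f"*.{name}"] if include_subdomains else [])
    return [_rule("record:rpz:cname", o, comment) for o in owners]


def block_response_ip(ip: str, comment: str = "") -> Dict:
    """Suppress any answer that would resolve to this address, whatever name was asked for."""
    return _rule("record:rpz:cname:ipaddress", f"{rpz_ip_label(ip)}.rpz-ip", comment)


def block_client(ip: str, comment: str = "") -> Dict:
    """Deny all resolution to queries that come from this (infected) client address."""
    return _rule("record:rpz:cname:clientipaddress", f"{rpz_ip_label(ip)}.rpz-client-ip", comment)


def plan_block(indicator: str, isolate_client: bool = False, comment: str = "") -> List[Dict]:
    """Map one alarm indicator to the RPZ rule(s) that should be created for it."""
    if classify(indicator) == "fqdn":
        return block_domain(indicator, comment=comment)
    if isolate_client:
        return [block_client(indicator, comment)]
    return [block_response_ip(indicator, comment)]


def build_request(rule: Dict) -> Dict:
    """Describe the WAPI call without sending it: POST <base>/<object> with a JSON body."""
    return {"method": "POST", "url": f"{WAPI_BASE}/{rule['object']}", "json": json.dumps(rule["body"])}


def submit(rule: Dict, username: str, password: str, timeout: int = 10) -> Dict:
    """Send one rule to the Grid Master over HTTPS with basic auth (not exercised offline)."""
    spec = build_request(rule)
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = request.Request(spec["url"], data=spec["json"].encode(), method=spec["method"],
                          headers={"Content-Type": "application/json",
                                   "Authorization": f"Basic {token}"})
    with request.urlopen(req, timeout=timeout) as resp:   # default context verifies TLS
        return json.loads(resp.read().decode())


if __name__ == "__main__":
    note = "LogRhythm alarm (constructed sample indicator)"
    for indicator in ("cnc.bad.example", "203.0.113.7"):
        for rule in plan_block(indicator, comment=note):
            print(json.dumps(build_request(rule), indent=2))
    print(json.dumps(build_request(plan_block("10.0.0.5", isolate_client=True)[0]), indent=2))
```

Running the module prints the three kinds of request a plug-in would issue; `submit()` is the only part that touches the network, and it is kept separate so the rule construction can be unit-tested against sample indicators before the action is wired to a live Grid Master.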
Independent testing has shown that integrating real-time threat intelligence into your SIEM can cut firewall event triage from three minutes down to 1.2 seconds. Recorded Future authored a SmartResponse Action that can automatically populate an alarm with their unique threat score and score card data. This reduces the number of screens an analyst needs to switch between and dramatically decreases the time needed to triage and respond to alerts. Additionally, using LogRhythm’s integration with Recorded Future, indicators found while analysing logs can be queried directly from the inspector pane, adding immediate context to external indicators.