Incident Responder Workflow
Email-based attack incidents are reported to the Keepnet™ Incident Response Platform (IRP) by end users (using our Outlook plugin), SOC team members and third-party IOC feeds.
Once received, the IRP analyses the header, body and attachments using our proprietary technology in addition to a number of integrated, best-in-class services for Anti-Spam, URL Reputation, Anti-Virus, Malware Sandboxing etc.
Keepnet™ will also integrate and automate other threat analysis services you may have, such as FireEye, Blue Coat or Palo Alto, saving you time and reducing your technical dependency. It is a simple process to create custom rules, playbooks and workflows to ensure Keepnet™ IRP responds to threats in ways that suit your specific policies.
On completion of the analysis, Keepnet™ IRP delivers detailed results, with industry-leading certainty, to the SOC team for further investigation and response.
Incident Investigation & Response
A unique feature and major benefit of Keepnet™ IRP is that all investigation is done directly on the user’s inbox instead of at the server exchange, giving you maximum agility and reducing response time.
After finding all instances of an attack, Keepnet™ IRP offers a suite of response options: malicious messages can be flagged with a warning in the user’s inbox or deleted from the inbox, or Keepnet™ can call a custom API to perform another action, e.g. call the user’s phone.
Additionally, Keepnet™ IRP will generate SNORT and YARA alarm signatures to update your other cyber-security technologies.