Incident Responder

Incident Responder automates response processes and works at the inbox level to quickly close down and contain active threats.

Technology solutions will never detect and block 100% of email-based attacks, leaving you reliant on the response of your users. How do your users report a suspicious email? How do you respond to these events?

Over 90% of successful data breaches are initiated by an email-based attack, costing businesses $3 trillion per year and driving considerable technological investments, such as firewalls and anti-spam, to provide protection.

Incident Responder Workflow

Incidents of email-based attack are reported to the Keepnet™ Incident Response Platform (IRP) by end-users (using our Outlook plugin), SOC team members and third-party IOC feeds.

Once received, the IRP analyses the header, body and attachments using our proprietary technology in addition to a number of integrated, best-in-class services for Anti-Spam, URL Reputation, Anti-Virus, Malware Sandboxing etc.

Keepnet™ will also integrate and automate other threat analysis services you may have, such as FireEye, Blue Coat or Palo Alto, saving you time and reducing your technical dependency. It is a simple process to create custom rules, playbooks and workflows to ensure Keepnet™ IRP responds to threats in ways that suit your specific policies.

On completion of the analysis, Keepnet™ IRP delivers detailed results, with industry-leading certainty, to the SOC team for further investigation and response.

Incident Investigation & Response

A unique feature and major benefit of Keepnet™ IRP is that all investigation is done directly on the user’s inbox instead of at the server exchange, giving you maximum agility and reducing response time.

After finding all instances of an attack, Keepnet™ IRP offers a suite of response options. Malicious messages can be flagged with a warning in the user’s inbox or deleted from the inbox, or Keepnet™ can call a custom API to perform another action, e.g. call the user’s phone.

Additionally, Keepnet™ IRP will generate SNORT and YARA alarm signatures to update your other cyber-security technologies.