To keep up with an ever-evolving environment, stay ahead of attackers, and combat the constraints of an under-resourced industry, security teams must find ways to improve efficiency in their security operations.
InsightIDR, offers a number of automation features to double down on these efficiencies. These include prebuilt workflows for things like containing threats on an endpoint, suspending user accounts, or integrating with ticketing systems. To further build on these capabilities, InsightIDR recently added enrichment via open source threat intelligence to this list of workflows, as well as the ability to trigger any of these workflows (or InsightConnect workflows) off of User Behavior Analytics (UBA) alerts.
When investigating threats in InsightIDR, you not only get important context, but you can take immediate steps to contain a threat. With the included Insight Agent, you can kill malicious processes or quarantine infected endpoints from the network. You can also use InsightIDR to take containment actions across Active Directory, Access Management, EDR, and firewall tools.
Whenever you get an alert in InsightIDR, notable user and asset behavior is shown on a visual investigation timeline. Not only do you have the necessary context to make a decision regarding a user account, but you can take action directly from an investigation to contain the threat. Supported vendors include Active Directory and Okta for user-level containment.
Enrich investigations and User Behavior Analytics alerts with open-source or supported threat intelligence feeds through prebuilt workflows in InsightIDR, or via InsightConnect for even more extensibility.