There is a time delay between threat detection and an adequate response, because each alert and event has to be analyzed and the communication workflow between the departments concerned, which manage different tools, has to be followed. Synapsa receives syslog messages from detection tools and the Interconnector takes all the necessary steps: based on predefined rules, it automatically recognizes a triaged event and mitigates the threat, or lets Security Operations perform 'one click' threat blocking on devices that are not under their administration. At the end, the IT and Security Operation teams receive a report, and forensics can be carried out.
Incident response is a critical, time-sensitive activity, and in virtually all organizations security analyst time is scarce. It is impossible to manually review and investigate every alert from modern security tools. Synapsa collects events via syslog, webhook or even plain text, triages them, double-checks them with integrated lookup services using external or internal Threat Intelligence sources, and, based on predefined rules, runs the incident response tasks automatically. This significantly reduces time to execution and mitigates a critical incident, preventing malware from spreading or stopping attackers from doing further damage.
Cyber threat or attacker recognition
Automatic or On-Approval mitigation
Immediate result notification
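To make the collect, triage, lookup and respond workflow described above concrete, here is an added illustration in Python; it is not Synapsa's code and does not use its API. The syslog lines, the threat-intelligence table and the internal network range are all constructed for the example, and the three rules (automatic block, on-approval block, ignore) are assumptions standing in for a real rule set.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample syslog alerts from a detection tool (not real traffic).
SAMPLE_ALERTS = [
    "<134>Mar 12 10:01:07 ids01 alert: src=203.0.113.45 dst=10.0.0.8 sig=c2-beacon sev=high",
    "<134>Mar 12 10:02:15 ids01 alert: src=198.51.100.7 dst=10.0.0.9 sig=port-scan sev=medium",
    "<134>Mar 12 10:03:44 ids01 alert: src=10.0.0.23 dst=10.0.0.8 sig=port-scan sev=low",
    "<134>Mar 12 10:04:01 ids01 heartbeat ok",  # not an alert; must be skipped
]
# Constructed lookup table standing in for an internal/external Threat Intelligence source.
THREAT_INTEL = {"203.0.113.45": "known-c2"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate address range
ALERT_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) sig=(?P<sig>\S+) sev=(?P<sev>\S+)")

@dataclass
class Decision:
    src: str
    action: str   # "block" (automatic), "approve" (one-click on-approval) or "ignore"
    reason: str

def parse_alert(line: str) -> Optional[dict]:
    """Extract the key=value fields from one syslog line; None if it is not an alert."""
    m = ALERT_RE.search(line)
    return m.groupdict() if m else None

def triage(alert: dict) -> Decision:
    """Predefined rules (assumed): TI match or high severity -> automatic block;
    medium severity from an external source -> on-approval block; else ignore."""
    src = alert["src"]
    hit = THREAT_INTEL.get(src)
    if hit:
        return Decision(src, "block", f"threat intel match: {hit}")
    if alert["sev"] == "high":
        return Decision(src, "block", f"high severity: {alert['sig']}")
    external = ipaddress.ip_address(src) not in INTERNAL_NET
    if alert["sev"] == "medium" and external:
        return Decision(src, "approve", f"awaiting one-click approval: {alert['sig']}")
    return Decision(src, "ignore", "below response threshold")

def process(lines: List[str]) -> List[Decision]:
    """Run the collect -> triage -> decide pipeline and return the decisions."""
    return [triage(a) for a in map(parse_alert, lines) if a is not None]

def report(decisions: List[Decision]) -> List[str]:
    """Result notification lines for the IT and Security Operation teams."""
    return [f"{d.action.upper():7} {d.src:15} {d.reason}" for d in decisions]
```

Running `report(process(SAMPLE_ALERTS))` yields one line per alert with the chosen action and its reason, which is the kind of summary the teams would receive at the end of the workflow.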