Out-of-the-Box Integrations Automate Cisco AMP ThreatGrid Malware Defense Processes
A common repetitive task performed in a SOC is to submit suspicious files to a malware sandboxing technology. These technologies then execute the binary in a safe environment and report back with valuable details about how that particular bit of malware works. Analysts follow up by reviewing the results and taking various actions like gathering additional information from threat intelligence sources, updating rule sets, performing remediation procedures like isolating a host, etc. Unfortunately, other than the sandbox running itself, these are all very time-consuming manual processes.
Image may be NSFW.
Clik here to view.
Swimlane’s out-of-the-box integration with Cisco ThreatGrid allows you to automate a large part of the malware investigation and response process. It can submit suspicious binaries for execution in ThreatGrid’s sandboxing technology, retrieve the resulting report, and automatically execute an appropriate response.
Driven by Swimlane’s built-in, automated workflow capabilities, different sets of remediation actions can be taken based on the results of ThreatGrid’s sandbox report. An example of this is depicted in the workflow below:
Image may be NSFW.
Clik here to view.
A common specific use case for leveraging Swimlane integrations with a sandboxing technology like ThreatGrid is to analyze suspicious email attachments. Often a security team will implement a program that allows users to submit suspicious emails to the SOC for analysis. Manual analysis of these emails can take quite a bit of time – extracting headers, pulling URLs out of the body, grabbing attachments, submitting these to sandbox technologies and querying threat intelligence sources for the indicators.
And that’s just to determine whether the email is an actual Phishing attempt. Response actions are completely separate set of typically manual tasks that a security analyst must perform. But they can now be intelligently automated using Swimlane’s data-driven Workflow in conjunction the full collection of integrations available in Swimlane.
If you’re interested in learning more, we’ll be showing a live demo of our integrations with Cisco Security products in a joint webinar.
Stop Phishing Attacks with Automated Incident Response Webinar
Presented by: Cisco AMP ThreatGrid and Swimlane
February 9, 2017 at 1pm ET/10am PT
The post Automate ThreatGrid Investigation and Response with Out-of-the-Box Swimlane Integrations appeared first on Swimlane.
