Incident response software automates, or provides the tools for, finding and resolving security breaches. Companies use it to monitor networks, infrastructure, and endpoints for intrusions and abnormal activity, and then to investigate and remediate the intrusions and malware it uncovers. These products exist to handle the issues that arise after a threat has bypassed firewalls and other preventive controls. They alert administrators to unauthorized access to applications and networks, and they can detect a variety of malware variants. Many tools automate remediation; others guide users through known resolution processes.
Many incident response solutions function similarly to security information and event management (SIEM) software, but SIEM products provide a larger scope of security and IT management features.
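As an added illustration of the detect-then-remediate loop the category description above refers to (example code written for this page, not taken from any product listed here), the script below parses a few constructed sshd-style log lines, flags two patterns an incident response tool would typically alert on, namely a burst of failed logins followed by a success from the same source, and one account accepted on several hosts within a short window, and attaches the known resolution step an analyst would be guided through. The hostnames, usernames, addresses, thresholds and playbook text are all assumptions made for the example.

```python
"""Minimal incident-detection and triage example.

Added illustration for this page; not code from any product listed here.
It parses constructed sshd-style log lines, raises alerts for two patterns
that incident response tools commonly flag, and attaches the playbook
step a responder would follow. Hosts, users, addresses and thresholds are
made up.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): five failures then a success
# for alice from one external address, then alice appearing on four hosts
# within a few minutes, then an unrelated login by bob.
SAMPLE_LOG = """\
2024-03-01T10:00:01 hostA sshd[101]: Failed password for alice from 203.0.113.5 port 40001 ssh2
2024-03-01T10:00:03 hostA sshd[101]: Failed password for alice from 203.0.113.5 port 40002 ssh2
2024-03-01T10:00:05 hostA sshd[101]: Failed password for alice from 203.0.113.5 port 40003 ssh2
2024-03-01T10:00:07 hostA sshd[101]: Failed password for alice from 203.0.113.5 port 40004 ssh2
2024-03-01T10:00:09 hostA sshd[101]: Failed password for alice from 203.0.113.5 port 40005 ssh2
2024-03-01T10:00:12 hostA sshd[102]: Accepted password for alice from 203.0.113.5 port 40006 ssh2
2024-03-01T10:02:00 hostB sshd[201]: Accepted publickey for alice from 10.0.0.10 port 50001 ssh2
2024-03-01T10:03:30 hostC sshd[301]: Accepted publickey for alice from 10.0.0.10 port 50002 ssh2
2024-03-01T10:04:10 hostD sshd[401]: Accepted publickey for alice from 10.0.0.10 port 50003 ssh2
2024-03-01T11:30:00 hostA sshd[103]: Accepted publickey for bob from 10.0.0.20 port 50010 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?:password|publickey) for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Assumed thresholds; a real deployment would tune these per environment.
FAIL_THRESHOLD = 5                    # failures before a success is suspicious
FAIL_WINDOW = timedelta(minutes=5)    # failures must fall within this window
LATERAL_HOSTS = 3                     # distinct hosts for one account
LATERAL_WINDOW = timedelta(minutes=10)

# Assumed playbook text: the "known resolution process" attached to each alert.
PLAYBOOK = {
    "credential_compromise": "Disable the account, reset its credentials, "
                             "and review session activity on the host.",
    "lateral_movement": "Isolate the source host, review the account's sessions "
                        "on each target, and collect triage data from them.",
}


def parse_log(text):
    """Return a list of event dicts for lines matching the sshd auth pattern."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not logins
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def detect(events):
    """Apply both detection rules and return alerts with their playbook step."""
    alerts = []
    events = sorted(events, key=lambda e: e["ts"])

    # Rule 1: >= FAIL_THRESHOLD failures for (user, source) followed by a
    # success within FAIL_WINDOW suggests a guessed or compromised credential.
    failures = defaultdict(list)
    for ev in events:
        key = (ev["user"], ev["src"])
        if ev["result"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= FAIL_WINDOW]
        if len(recent) >= FAIL_THRESHOLD:
            alerts.append({"type": "credential_compromise", "user": ev["user"],
                           "src": ev["src"], "host": ev["host"], "ts": ev["ts"],
                           "action": PLAYBOOK["credential_compromise"]})
        failures[key].clear()  # a success resets the failure run

    # Rule 2: one account accepted on >= LATERAL_HOSTS distinct hosts within
    # LATERAL_WINDOW suggests lateral movement; report once per account.
    accepted = defaultdict(list)
    for ev in events:
        if ev["result"] == "Accepted":
            accepted[ev["user"]].append(ev)
    for user, evs in accepted.items():
        for i, start in enumerate(evs):
            hosts = {e["host"] for e in evs[i:]
                     if e["ts"] - start["ts"] <= LATERAL_WINDOW}
            if len(hosts) >= LATERAL_HOSTS:
                alerts.append({"type": "lateral_movement", "user": user,
                               "hosts": sorted(hosts), "ts": start["ts"],
                               "action": PLAYBOOK["lateral_movement"]})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

Run against the constructed sample, the script raises two alerts: a credential-compromise alert for alice on hostA from 203.0.113.5, and a lateral-movement alert for alice across hostA through hostD. The point of the structure is that each alert carries the remediation step with it, which is what distinguishes an incident response tool from a plain log monitor.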
To qualify for inclusion in the Incident Response category, a product must:
Rapid7 InsightIDR is a fully integrated detection and investigation solution that gives you the confidence to identify a compromise as soon as it occurs. InsightIDR leverages attacker analytics to detect intruder activity earlier in the attack chain, cutting down false positives and unnecessary work for security professionals. Hunt for actions indicative of compromised credentials, spot lateral movement across assets, detect malware, and set intruder traps. Make investigations 20x faster by unco
D3 Security provides a proven incident management platform that empowers security operations with a full-lifecycle remediation solution and a single tool to determine the root cause of, and corrective action for, any threat, be it cyber, physical, financial, IP or reputational.
Proofpoint Threat Response Auto-Pull (TRAP) gives messaging and security administrators the ability to automatically retract to quarantine threats delivered to employee inboxes, including emails that turn malicious after delivery. It can also retract messages sent in error, as well as inappropriate or malicious emails and emails containing compliance violations; it follows forwarded mail and distribution lists and creates an auditable activity trail. With Proofpoint Threat Response
Swimlane is a leader in security orchestration, automation and response (SOAR). By automating time-intensive, manual processes and operational workflows and delivering powerful, consolidated analytics, real-time dashboards and reporting from across your security infrastructure, Swimlane maximizes the incident response capabilities of over-burdened and understaffed security operations. Swimlane was founded to deliver scalable, innovative and flexible security solutions to organizations strugglin
AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physica
SIRP is a Security Orchestration, Automation and Response (SOAR) platform that helps organizations effectively manage their security operations with Incident Management, Threat Intelligence, Vulnerability Management and Risk Management modules. It combines security infrastructure orchestration, playbook automation and case management capabilities to integrate your team, processes and tools together. SIRP makes security data instantly actionable, provides valuable intelligence and context, and en
CB Response is the market-leading incident response and threat hunting solution designed to provide responders with the most information possible, accompanied by expert threat analysis and armed with real-time response capabilities to stop attacks, minimize damage and close security gaps. CB Response makes these teams more efficient, reducing investigations from days to hours, and more effective, enabling them to discover threats before attacks can exploit them. CB Response also allows teams to
DERDACK Enterprise Alert® is an alert notification & mobile response software for on-premises and private cloud installation. It increases the agility and responsiveness of operations teams in manufacturing, utilities, IT services, transport & logistics. Enterprise Alert fully automates targeted alerting processes and provides for a faster, more reliable and effective response to incidents threatening the continuity of services and operations. This is of particular importance for 24/7 oper
The Siemplify Security Operations Platform is an intuitive, holistic workbench that makes security operations smarter, more efficient and more effective. Siemplify combines security orchestration, automation and response (SOAR) with context-driven case management, investigation and machine learning to make analysts more productive, security engineers more effective, and managers more informed about SOC performance.
A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
Cyber Triage™ is incident response software that simplifies the collection and analysis of endpoint data. Cyber Triage enables companies to have a first response capability by automating the collection and analysis of endpoint data that answers the triage questions. It provides endpoint visibility without requiring software agents. It compares data with other systems in the enterprise to help responders know what is normal. It makes the results available during future responses so the knowledge
Netwrix Auditor is a visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations and access in hybrid IT environments to protect data regardless of its location. The platform provides security intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent real damage. Netwrix Auditor includes applications for Active Directory, Azure AD, Exchange, Office 365, Windows file serve
LogRhythm, a leader in NextGen SIEM, empowers organizations on six continents to measurably reduce risk by rapidly detecting, responding to, and neutralizing cyberthreats. LogRhythm’s Threat Lifecycle Management (TLM) workflow is the foundation for security operations centers, helping customers secure their cloud, physical, and virtual infrastructures for IT and OT environments.
StealthDEFEND is the real-time threat analytics component of STEALTHbits’ Data Access Governance Suite. Leveraging unsupervised Machine Learning, StealthDEFEND eliminates excessive and undifferentiated warnings to surface truly meaningful trends and alerts on attempts to compromise your sensitive data. TOP FEATURES: - Unsupervised Machine Learning – Analyze a rich set of data with Machine Learning models that evaluate, correlate, and baseline the activity and behavior of users. - Seamless Sens
Every incident is unique and one plan won't fit all situations. Cobalt helps you manage all those "What if?" moments and makes sure everyone is reacting accordingly. The result? The response you plan is the response you get. Our comprehensive platform provides the simplest and most effective way to coordinate your response team and track progress for incidents major and minor. This increased efficiency will get you back in business, faster. Cobalt is a cloud-based, incident response system that
LogicManager believes performance is a result of effective risk management. Since 2005, LogicManager's enterprise risk management (ERM) software has empowered organizations to uphold their reputation, anticipate what's ahead, and improve business performance through strong governance. Today, LogicManager’s SaaS software and included advisory service help businesses integrate risk, governance, and compliance activities so they can protect their employees, customers, and shareholders. LogicManag
OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management. According to The Forrester New Wave™: GDPR and Privacy Management Software, Q4 2018, OneTrust "leads the pack for vision and execution." Additionally, Fast Company named OneTrust as one of 2019's World's Most Innovative Companies. More than 2,500 customers, both big and small and across 100 countries, use OneTrust to implement their privacy, security and third-par
ActivLink is middleware that integrates ActivWare, the Activus visualization and collaboration software platform, with a customer's analytical or monitoring software to automatically present actionable information based on a triggering event or alarm condition, leading to better, faster incident response.
To date, organizations have lacked an efficient process for gathering, organizing, and analyzing user reports of suspicious emails that may indicate early stages of a cyber attack. Cofense Reporter provides organizations with a simple, cost-effective way to fill this information gap.
Cybereason automatically detects malicious activity and presents it in an intuitive way. It deploys easily with minimal organizational impact and provides end-to-end context of an attack campaign. Most organizations deploy Cybereason and start detecting attacks within 24 to 48 hours.
Agari Incident Response™ is the only turnkey solution purpose-built for Microsoft Office 365 to automate the process of phishing incident response, remediation, and breach containment. Agari Incident Response, using continuous detection and response technology, simplifies and accelerates threat hunting by instantly discovering all email attacks matching newly discovered indicators of compromise (IOCs) across all inboxes. The Agari SOC Network, a cyber intelligence sharing network, provides a c
Continuity Engine ("CE") is a business continuity software that protects your most mission-critical applications with a goal of zero downtime. Beyond HA or replication, CE takes a proactive approach with true continuous data protection. CE delivers near-zero recovery times by monitoring the health of your applications and instantly failing over if a threat is detected. Simply put, we can help you prepare for and protect your applications, servers, and data from disaster and unplanned outages.