The holy grail of incident response

August 17, 2016

Time is of the essence when you’re investigating security incidents. While it’s critical to find out as much as you can about the incident from internal sources (logs, network activity, endpoint data, etc.), you also need context about what type of threat you’re facing.

When you come across a domain, IP, or file hash during investigations, you need to answer dozens of questions ASAP.

  • Is this malicious? What’s known about it?
  • What other domains, IPs, or file hashes are related?
  • Is this a widespread threat or more targeted?

And to answer these questions today, you probably need to go to multiple sources and manually piece the puzzle together. What if you had a single, correlated source of intelligence instead?

Cisco Umbrella Investigate now includes malware file data from Cisco Threat Grid. Join our webcast to learn how Investigate provides the most complete view of the infrastructure used in attacks. With Investigate, you can:

  • Instantly validate malicious domains, IPs, and file hashes
  • Identify the internet infrastructure and malware files related to attacks
  • Uncover infrastructure being staged for future attacks
  • Speed up investigations and stay ahead of threats