The holy grail of incident response

August 17, 2016

Time is of the essence when you’re investigating security incidents. While it’s critical to find out as much as you can about the incident from internal sources (logs, network activity, endpoint data, etc.), you also need context about what type of threat you’re facing.

When you come across a domain, IP, or file hash during investigations, you need to answer dozens of questions ASAP.

  • Is this malicious? What’s known about it?
  • What other domains, IPs, or file hashes are related?
  • Is this a widespread threat or more targeted?

And to answer these questions today, you probably need to go to multiple sources and manually piece the puzzle together. What if you had a single, correlated source of intelligence instead?

Cisco Umbrella Investigate now includes malware file data from Cisco Threat Grid. Join our webcast to learn how Investigate provides the most complete view of the infrastructure used in attacks. With Investigate, you can:

  • Instantly validate malicious domains, IPs, and file hashes
  • Identify the internet infrastructure and malware files related to attacks
  • Uncover infrastructure being staged for future attacks
  • Speed up investigations and stay ahead of threats