The holy grail of incident response

August 17, 2016

Time is of the essence when you’re investigating security incidents. While it’s critical to find out as much as you can about the incident from internal sources (logs, network activity, endpoint data, etc.), you also need context about what type of threat you’re facing.

When you come across a domain, IP, or file hash during investigations, you need to answer dozens of questions ASAP.

  • Is this malicious? What’s known about it?
  • What other domains, IPs, or file hashes are related?
  • Is this a widespread threat or more targeted?

And to answer these questions today, you probably need to go to multiple sources and manually piece the puzzle together. What if you had a single, correlated source of intelligence instead?

Cisco Umbrella Investigate now includes malware file data from Cisco Threat Grid. Join our webcast to learn how Investigate provides the most complete view of the infrastructure used in attacks. With Investigate, you can:

  • Instantly validate malicious domains, IPs, and file hashes
  • Identify the internet infrastructure and malware files related to attacks
  • Uncover infrastructure being staged for future attacks
  • Speed up investigations and stay ahead of threats