Secdo, a New York City cybersecurity startup, launched version 5.0 of its incident response platform with a new Behavioral Based Indicators of Compromise capability that enables businesses to better tailor the product’s protections to their needs.
As its name suggests, Behavioral Based Indicators of Compromise allows users to create and tune Secdo 5.0 to block behavioral patterns, processes and activities that may prove damaging to a company’s security posture. Users can also optimize the product to provide ongoing detection of recurring attacks, according to the company.
Also new is the Secdo Response Center, a hub for the product’s containment, forensic, remediation and incident response functionality.
Containment features include the company’s IceBlock technology, which essentially “freezes” potentially dangerous processes and endpoints; these can be unfrozen if they are deemed safe. Response Center also allows users to disable troublesome user accounts and isolate entire endpoints.
On the remediation front, users can quarantine malicious software, terminate processes, modify registry keys and take other actions that can surgically eliminate attack vectors. Forensic tools include process memory and string dumps, screenshots, file downloads, a live terminal and more.
In terms of security enforcement, the product provides process whitelisting and blacklisting, along with custom playbook actions based on behavioral and other types of indicators of compromise. Finally, Secdo can generate and send alerts to security information and event management (SIEM) systems or issue them as emails.
“The improvements in version 5.0 solidify our vision of providing a truly effective and highly efficient automated incident response solution,” said Gil Barak, CTO and co-Founder of Secdo, in a statement. “With years of enterprise experience empowering security and IR [incident response] teams with our powerful endpoint security and incident response solution, we are proud to take our technology to the next level with even greater built-in response capabilities.”
Secdo’s solution comes as IT experts find themselves struggling to implement and manage effective incident response processes and technologies.
A 2016 survey from Hexadite and the Enterprise Strategy Group (ESG) revealed that nearly all (98 percent) of North American IT professionals encountered incident response challenges. Most (71 percent) also said that incident response had become more difficult over the past two years.
A key problem affecting the industry is a security skills gap (91 percent). Other top challenges include across-the-board process monitoring, the sheer volume of threat intelligence and keeping up with a flood of alerts.