Start remediating security issues at machine speed and without human error.
Accelerate incident response with secure live terminals with detailed audit logs.
Define your workflows and policies in a simple graphical playbook editor.
Accelerated Incident Response
Incident response is the critical process that stops incidents from turning into breaches. DarkBytes Respond is an incident response platform that helps security teams contain and remediate security issues faster than ever before.
How It Works
Playbooks have 3 basic concepts – triggers, conditions, and actions.
Trigger – Playbooks start execution when the trigger criteria are met. Multiple triggers can be set for a single playbook. Any trigger that evaluates to true will begin the execution of the playbook.
Condition – Conditions control the logical flow of the playbook. Conditions are added in blocks; a block is a set of conditions that must all evaluate to true before actions are executed. Common examples of conditions include risk score, IP address, hostname patterns, and platform.
Actions – Actions are an ordered set of tasks such as killing processes, blocking IP addresses, opening tickets, and other security operations tasks. Action blocks can be “paused” with an “approval gate”, which requires manual human intervention before subsequent actions run.
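The evaluation order described above (any trigger starts the playbook, every condition in the block must hold, actions run in order until an approval gate) can be sketched as follows. This is an added example, not DarkBytes Respond's playbook format or API: the class, field, event and action names are hypothetical, and it assumes one condition block per playbook with the gate modeled as a marker in the action list.

```python
from dataclasses import dataclass

APPROVAL_GATE = "approval_gate"  # hypothetical marker: pause until a human approves

@dataclass
class Run:
    status: str          # not_triggered | conditions_not_met | awaiting_approval | completed
    executed: list       # names of actions that have run so far (doubles as an audit trail)
    resume_at: int = 0   # index in the action list where execution stopped

@dataclass
class Playbook:
    triggers: list         # predicates over an event; ANY one being true starts the playbook
    condition_block: list  # predicates over an event; ALL must be true to run actions
    actions: list          # ordered action names, optionally containing APPROVAL_GATE

    def start(self, event):
        if not any(t(event) for t in self.triggers):
            return Run("not_triggered", [])
        if not all(c(event) for c in self.condition_block):
            return Run("conditions_not_met", [])
        return self._execute(Run("running", []))

    def approve(self, run):
        # Manual intervention: continue with the actions after the gate.
        if run.status != "awaiting_approval":
            raise ValueError("run is not paused at an approval gate")
        return self._execute(Run("running", list(run.executed), run.resume_at + 1))

    def _execute(self, run):
        for i in range(run.resume_at, len(self.actions)):
            step = self.actions[i]
            if step == APPROVAL_GATE:
                return Run("awaiting_approval", run.executed, i)
            run.executed.append(step)  # a real engine would dispatch the task here
        return Run("completed", run.executed, len(self.actions))

def sample_playbook():
    # Constructed playbook: two triggers, one three-condition block, one gate.
    return Playbook(
        triggers=[lambda e: e["type"] == "malware_alert",
                  lambda e: e["type"] == "ioc_match"],
        condition_block=[lambda e: e["risk_score"] >= 80,
                         lambda e: e["platform"] == "linux",
                         lambda e: e["hostname"].startswith("web-")],
        actions=["open_ticket", "kill_process", APPROVAL_GATE, "block_ip"],
    )
```

Placing the gate before the disruptive step keeps automated containment fast while leaving the network-wide change to a human decision.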