Network alerts are incredibly abundant, often low fidelity or trivial in nature, which all but renders them unusable as a data source.
Gold in with the Garbage
Network data can provide critical information for investigation and analysis, but it’s hard to find and use due to the poor signal to noise ratio.
Network Expertise Essential
Understanding network alerts and their correlation to non-network data sources and attack patterns demands specialized expertise which many teams lack.
How Radiant Automates Network Alert Workflows
Radiant automatically triages every network alert with an AI-based engine, then performs an in depth impact analysis to determine root cause and uncover the full incident scope. Finally, Radiant auto-remediates the incident and notifies affected users of the incident outcome and corrective steps.
Triage Network Alerts Autonomously
Network security data is often plentiful and low value. Radiant utilizes an AI-powered triage engine to analyze each network security alert, alongside your organizations normal network activity and learned operating patterns, to make sense out of the noise.
- Limitless Capacity – Find the alerts that matter by autonomously triaging unlimited volumes of network data. Rest assured knowing that no alert is skipped.
- Data Stitching– Connect network alerts with other non-data sources to help determine if alerts are security relevant. e.g. network tells you that a computer is talking to a C&C center.
- Dynamic Analysis – Based on found in security alerts Radiant dynamically selects and performs dozens of additional inspections to accurately determine maliciousness of an alert.
Uncover Complete Incident Scope
Network alerts often provide critical information that may help detect attacks, but they are hard to interpret, and to connect back to non-network data sources to see the entire scope of an attack. Radiant automatically identifies all activity associated with a particular alert and threat, e.g. an infected device communicating to a command and control center.
- See the Entire Attack – Radiant stitches together data from multiple sources (e.g. email, identity, endpoint, network, and more) to follow the thread of incidents across attack types and data sources. This ensures no parts of an attack are missed, and are left unaddressed.
- Understand Root Cause – Obtain a comprehensive impact and root cause analysis for each malicious alert, including the incident’s complete scope, including affected users, credentials, and machines.
Intelligently Respond to Network Security Issues
Radiant automates containment and remediation of uncovered threats to quickly stop the spread of attacks and restore system health. Radiant’s response actions are tailored to address the specific problems uncovered in impact analysis. For example, blocking the specific IPs or URLs involved in C&C, isolating the hosts, etc.
- Dynamic Response Plans – Radiant sets itself apart from other security automation tools by eliminating static or predefined playbooks. Instead, Radiant dynamically chooses and executes corrective actions based on the findings of impact analysis.
- Flexible Automation Options – Work within your preferred comfort level of automation. Radiant offers instructions for security analysts to take manual actions using your tools, one-click resolution of items from Radiant, or the choice of a fully-automated response.
Expedite Escalation & Approval
- Addressing the complete scope of incidents often involves seeking approval from non-security business partners for necessary corrective tasks, such as blocking URLs or IP addresses at the network level, or to isolating a device from the network.
- Streamline Approvals – Secure permissions for corrective actions directly within Radiant’s response workflows, enabling your security team to promptly address potential threats with efficiency.
Automate Communication & Notification
Automated communication plays a vital role in the efficient investigation and response to network threats. Radiant enables seamless and timely information exchange among stakeholders, enabling efficient collaboration and prompt decision-making to mitigate risks effectively.
- Custom Response Templates – Use customizable templates as part of granular response workflows, providing updates on submission status, outcomes, and corrective actions taken.
- Productivity tool integration – Interact with your teams using the tools they are accustomed to, including Slack, Teams, email, and more.
Implementing safeguards within an organization is crucial to minimizing the chance of a future recurrence. After an incident has concluded, Radiant may suggest steps that can be taken to improve environmental resilience, such as blocking a URL filtering subcategory, enabling SSL decryption for specific destinations, or blocking connections to embargoed regions.