Often times responding to security incidents requires a set of distinct actions performed by disparate personnel and teams as the investigation evolves. One piece of this response is managing the incident playbook and automating routine tasks to allow the IR team to focus on higher value activities. IBM Resilient arms teams with a powerful platform for managing and resolving incidents quickly and efficiently using a single intelligent hub for driving fast action. A second piece of this response involves visualizing and reporting on the incident in a way that is consumable and reusable for security teams and executives alike. Avalon provides analysts a quick way to visualize incidents, enrich the data to expand the investigation, share and collaborate with other teams in real-time, and preserve and report the results in a dynamic workspace.
We’re excited to announce that the new integration between Avalon and IBM Resilient is available to help improve incident response in a meaningful way so analysts can communicate and report their findings in real-time with needed stakeholders. Together, this-bi-directional integration enhances the capabilities of both products and allows security teams to work as efficiently as possible. Here’s a quick walkthrough to show you how:
An Avalon workspace can be automatically created from Resilient with a click of a button. Provide analysts, IR teams, and others with a centralized place to work together in real-time on an incident.
Artifacts attached to Resilient security incidents can be pushed to an Avalon workspace so analysts can visualize the artifacts and their relationships. Multiple analysts and teams can work together in the Avalon workspace to interact with the graph, enrich the artifacts with additional data, chat and collaborate on the incident in real-time – saving valuable time and resources.
Deliver & Preserve
Once the investigation is complete, you can easily deliver finished intelligence and reporting to key stakeholders directly from Avalon in a format that works best for them. Data as nodes in an Avalon workspace tied to a Resilient security incident can then be pulled back into Resilient to perform orchestration actions and close the investigation. This can be a one-time pull for a point-in-time incident or it can be configured to auto-refresh if the investigation in Avalon may continue for a time while analysts continue monitoring the threat. Using Avalon as a centralized knowledge management repository, Resilient can be continually populated with the latest data and analysis and any new investigations can be automatically enriched from previous ones.
Working together, Avalon and IBM Resilient empowers analysts and security teams to more efficiently visualize and enrich data, work together to investigate threats, quickly take needed actions, and greatly reduce the time spent on manual and administrative tasks to create and deliver investigation results to key stakeholders throughout your organization.