
Proofpoint SOARs Above the Rest With Award-Winning Security Orchestration, Automation, and Response

Proofpoint’s Threat Response has been named the Cybersecurity Excellence Awards Gold Winner for 2019 in the Incident Response category. While it is well known in the security space that there is no silver bullet solution for every attack, Proofpoint’s solution aims to reduce the manual labor and guesswork required in times of chaos, helping organizations to resolve incidents more efficiently.

Threat Response is a security orchestration, automation, and response solution designed to manage several crucial steps of the incident management process. The solution is able to ingest security alerts from multiple security tools and endpoint forensics as well as additional context and intelligence from both internal and external sources.

By aggregating and analyzing all of this data, the solution makes it actionable by automating workflows and response procedures, including lists and objects for enforcement. It can integrate with existing security infrastructure to block verified threats and quarantine infected systems and user accounts to minimize the propagation of the incident.

Our Take

While the solution offers significant benefits, there are some potential drawbacks and possible risks to be aware of:

  • Garbage in, garbage out. The solution can be limited by the quality of data that it is given. If your security controls or threat intelligence are not providing accurate data, false positives may lead to extra work or true positives may result in incidents not being detected until it’s too late.
  • Better safe than sorry? Quarantining and containing infected systems may result in over-protection at times, which may prevent users outside the scope of the incident from performing their job duties.
  • Too much of a good thing? The automated eradication may resolve the issue too quickly, before it has been fully investigated. As a result, the learning process associated with incident response may be lost. The symptoms of the attack are addressed, but the vulnerabilities that caused it have not necessarily been tackled.

Want to Know More?

Proofpoint – Threat Response

Cybersecurity Excellence Awards – Proofpoint Threat Response