NEW YORK and TEL AVIV, Israel, August 3, 2016 /PRNewswire/ --
SECDO, an innovative provider of next-generation detection, investigation and response solutions, today introduced fully automatic alert validation and two-way integration with the leading SIEM platforms HP ArcSight, McAfee Enterprise Security Manager and Splunk Enterprise Security. These capabilities make SECDO the first Endpoint Detection and Response (EDR) solution to fully automate SIEM alert validation and provide two-way integration, helping large organizations accelerate detection, investigation and response for the thousands to tens of thousands of alerts they face each day.
SECDO imports alerts from the SIEM and automatically investigates them to determine whether they are true incidents using its proprietary Endpoint Activity Monitoring and Causality Analytics technologies. The platform indicates the severity level and identifies which events require immediate investigation, while providing the full context for every SIEM alert based on 100 days of thread-level forensic data. It then passes the information back to the SIEM, displaying a list of prioritized incidents within the SIEM dashboard.
SECDO displays the entire attack chain for an alert back to the root cause, providing a detailed and comprehensive timeline. The platform provides security analysts with interactive visual tools for investigation of the incident across the enterprise, as well as rapid response capabilities including IceBlock™, which freezes malicious processes in memory, and endpoint isolation.
An Early Access version is currently available and General Availability will be in October.
"As many organizations increasingly rely on SIEM solutions, investigating the overwhelming amount of alerts is a critical, yet time-consuming and painstaking process that has become a serious bottleneck," said Shai Morag, the CEO and Co-founder of SECDO. "With our new two-way SIEM alert validation, SECDO enables security teams to focus their efforts on high priority incidents and eradicate breaches quickly."
SECDO develops innovative cyber solutions that enable security operations teams to detect, investigate and remediate advanced threats. With a winning combination of groundbreaking technologies, SECDO provides continuous visibility into all endpoint and server activity, identifies suspicious behaviors and triggers an automatic response. SECDO features a powerful, intuitive investigation platform that visualizes attack chain timelines and provides a complete picture of events so analysts immediately understand the "who, what, where, when and how" behind incidents and can remediate effectively. Enterprises and MSSPs use SECDO to detect and contain threats, while accelerating incident investigation and response. Learn more at sec.do.