Effective incident response is vital in the fight against cybersecurity threats, as swift containment and recovery can significantly minimize the damage from attacks. Minimizing recovery time is especially critical in reducing operational disruptions and financial losses, making robust incident response solutions a priority for organizations today.
Silverfort announced its new Identity-First Incident Response (IR) solution, which it claims can reduce remediation times for security breaches from weeks to days. According to the company, the solution focuses on compromised identities first, rather than infected machines or anomalous network activity, in an effort to improve incident response and containment effectiveness.
The company stated that its Identity-First IR solution has already assisted several Fortune 500 companies, helping teams identify and lock down compromised accounts to minimize the blast radius of attacks. Silverfort says the solution uses machine learning and artificial intelligence to provide actionable telemetry, enabling incident responders to identify which accounts need to be blocked and which can remain operational, aiming to maintain business continuity during investigations.
Eric Haller, a Silverfort Advisor and former VP of Sec Ops & GRC at Palo Alto Networks, described the challenge of balancing containment with productivity during incidents. “Responding to large incidents where lateral movement has taken place can be difficult,” Haller said. “Often, practitioners have to make difficult decisions with incomplete information when deploying containment actions, balancing attacker damage against business disruption. Having the ability to immediately challenge all authentication events while still allowing business operations to continue is like a surgeon having the ability to slow a patient’s heartbeat in order to perform surgery. You can effectively put an entire company ‘under,’ without stopping productivity, while you investigate the source of the issue.”
Silverfort designed its approach to freeze stolen accounts and prevent lateral movement, reducing breach impact. The company claims organizations with up to 50,000 users can deploy the solution mid-breach in less than 12 hours.
“Race Against The Clock”
“Incident response is a race against the clock,” said Ron Rasin, Chief Strategy Officer at Silverfort. “In today’s rapidly changing threat landscape and sophisticated AI-backed threat actors, security teams can’t afford to be hunting for an anomaly when potential attacks occur or systems go down. Silverfort’s IR solution complements existing tools by instantly blocking compromised identities and adjacent machines and offering immediate visibility into those machines. We stanch the bleeding to ensure a safe recovery.”
As described by Silverfort, the solution’s features include real-time blocking of compromised user accounts, activating an “Authentication Firewall” to analyze and deny risky access attempts, and integrating with existing Security Operations tools. These features are intended to help IR teams quickly stop attacks and provide high-precision risk analysis to reduce false positives.
Silverfort says its Identity-First IR solution aims to provide a unified identity security layer across both on-premises and cloud environments, giving security teams tools to respond more effectively to identity-based attacks.
Other News: Russian Hackers Breach Microsoft(Opens in a new browser tab).
Other News: Watch out, CFOs: Cybercrime is booming, says former White House advisor.