The WireX Systems platform constantly monitors, analyzes, and categorizes all network activity, not just the activity marked as bad. When responding to a specific alert, it takes just a few seconds to see who this user was connected to, what types of activities were performed, and view all downloads and uploads of files. WireX can also see all database transactions and deliver months of in-depth visibility.
With integrations to all leading SIEM platforms, it only takes a click to pivot directly from the SIEM into the WireX Systems platform. Using an intuitive visual query interface, it is easy for even the less experienced security team members to get the full picture. Each query performed in the system is automatically tagged as part of the imported ticket, enabling analysts to work on multiple cases in parallel and keep track of all the actions performed—offering a true knowledge-sharing base on how to respond to each threat.
“Organizations today face more alerts than they could possibly handle. A skilled workforce is also hard to find and maintain. Our customer feedback suggests that WireX helped them create the workflows for response which can be executed by their Tier-1 operators—also enabling them to build, maintain, and share their security knowledge base.
Empower your security team with a tool that will help them regain control and cut response time to minutes
They are no longer dependent on these hard-to-find security gurus. Actually, the more they use the system, the easier it becomes to respond, as the entire security team is benefiting from this process.”
An example could be that a specific user tried to download a potentially malicious file. An alert was generated and sent to the SIEM. Exporting that alert into the WireX Systems platform will enable the responder to compile a clear picture of the potential threat—with whom this user communicated, what applications and protocols they used, and all the accessed (copied or deleted) network files, DB transactions, SSL certificates, DNS queries, and so on. All this data is readily available, and specific views were built (file attachments, SSL certificates, IPs, email addresses, etc.) to enable immediate access and drill-down.
This data is also enriched using external tools, such as geo-location, IP and host reputation, sandboxing, and other threat intelligence feeds. The ability to start from a high-level alert in the SIEM, drill down to understand the scope and the detailed activities that were performed, and scan and enrich any artifact enables security team members to cut their response time to minutes. With the whole process automatically documented and shared (and easily exported back to the SIEM), even a less experienced Tier-1 operator can execute an incident response process similar to that of a highly experienced Tier-3 analyst—easing the burden on experienced and expensive resources and, most importantly, reducing the MTTR.