MSSP Advancements • 4 MIN READ
The Value of a Managed Incident Response Platform
by Eleanor Barlow • May 2021
SecurityHQ’s Incident Management and Analytics platform is a comprehensive Cyber Incident Response and Analytics platform powered by IBM QRadar, IBM Resilient and IBM X-Force, to help customers and Managed Security Service Providers track, visualize, respond to, and recover from cyber incidents.
The platform won IBM 2021 Beacon Awards, for Outstanding Security Solution. And with good reason. It is the core of all SecurityHQ services and is used globally to visualize, prioritise, connect, and respond to cyber security threats.
As these cyber threats grow, and technology develops at a rapid speed, businesses need dedicated security experts, cutting-edge technology and processes, and an enterprise grade experience that ensures that all IT virtual assets, cloud, and traditional infrastructures, are protected, 24/7. Which is why this SecurityHQ platform provides the following key features to accelerate and significantly improve cyber incident detection and response capabilities.
Features of a Managed Incident Response Platform
Built to simplify the complexity of cyber security for stakeholders, CISO’s, SOC Analysts, Threat Hunters, Incident Responders and Auditors, the platform is built on, and incorporates, the following three industry leading frameworks:
- VERIS – Vocabulary for Event Recording and Incident Sharing, to use common terminology for describing security incidents in a structured and repeatable approach.
- MITRE ATT&CK – To track tactics and techniques used by the adversary.
- NIST Cybersecurity Framework – To support customers to detect, respond to, and recover from cyber incidents.
Cyber Incident Analytics and Visualization
The platform provides access to real-time interactive visualizations and advanced analytics with meaningful and actionable views of incident trends, deviations, anomalies, and concern areas, with seamless access to incident tickets based on the QRadar accumulator.
Smarter Orchestrated Response
Supports customers to automate and accelerate incident response to contain threats and take remediation actions based on pre-agreed SOPs and playbooks.
‘SecurityHQ Response’ mobile app and desktop is used to support customers, SOC and MSSP partners to collaborate cyber response anytime from anywhere. The mobile app helps customers to securely access the SecurityHQ data from their mobile phones while on the move, and improve cyber response collaboration between SOC, CISO and customer’s internal stakeholders.
Clients and partners have access to a library of APIs supporting a variety of ITSM ticketing systems to ensure seamless business continuity.
Automated Incident response powered by IBM Resilient
Automate multiple cyber incident playbooks by leveraging IBM Resilient for automated containment and response measures.
Smart Integration & Automation
Implemented generic APIs to integrate with third party ticketing systems at the customer/partner end to simplify the collaboration between the teams. Through this two-way-integration, the customer teams may collaborate with the MSSP SOC teams via their respective systems.
There are challenges that all businesses have faced or will face when it comes to their security. By utilizing the above features, this platform provides the solution for each of these challenges, by:
Simplifying Incident Handling.
SecurityHQ make the incident handling process accessible to both technical and non-technical staff.
SecurityHQ show real-time metrics on incident management KPI’s for speed of response and incident lifecycle management.
Incident Data Anywhere, Anytime.
Incidents will occur at the least convenient times. SecurityHQ Response Mobile app allows management of incidents on the go.
IBM Security Stack Made Accessible.
The product of our service and platform is real qualified security incidents, with analysis, risk assessment and response recommendations. This is the output of the intelligence, correlation, and automation which IBM QRadar, Resilient and X-Force curate. SecurityHQ Response makes this accessible to technical and non-technical stakeholders.
MSSP Multitenant Operational Effectiveness.
Reduce cost, improve SOC operations and enhance service delivery of Managed Security Services.
For more on how the platform works, read ‘Incident Management Analytics Platform Update’, take a look on the website , or speak to one of our specialists here for more information.