The Value of a Managed Incident Response Platform
by Eleanor Barlow • Jun 2024
[The content of this blog was originally released in May 2021, and was updated June 2024]
SecurityHQ’s award-winning Incident Management and Analytics platform is a comprehensive cyber incident response and analytics platform, designed to help customers and Managed Security Service Providers track, visualize, respond to, and recover from cyber incidents.
‘SHQ Response Platform acts as the Emergency Room, and the Risk Centre provides the Wellness Hub for all cyber security monitoring and actions. This has included a complete rewrite on how risks are visualized and how customers work with their security team.
The Risk Centre is designed with the purpose of preventing emergencies before they arise. To make this possible, SecurityHQ has combined its intellectual property and knowledge on risk mitigation and cybersecurity, and merged this with several recognized sources in the industry, including the National Institute of Standards and Technology (NIST), the National Cyber Security Centre (NCSC), and MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK), to provide actions on how to identify, map, and raise risks.’ – ‘SHQ Response Rewrites the Rules on Cyber Risk Visualization & Collaboration’
Building SHQ Response
Designed to simplify the complexity of cyber security for stakeholders, CISOs, SOC Analysts, Threat Hunters, Incident Responders and Auditors, the platform is built on, and incorporates, the following three industry-leading frameworks:
- VERIS – Vocabulary for Event Recording and Incident Sharing, to use common terminology for describing security incidents in a structured and repeatable approach.
- MITRE ATT&CK – To track the tactics and techniques used by the adversary. Investigate and prioritize incidents, categorize them against MITRE ATT&CK, and assign a risk level based on CIA attributes, asset criticality, and impact. View the incident graphic card, which shows real-time incident information, including a timeline perspective tab, a graphical representation tab, and a MITRE Tactics tab.
- NIST Cybersecurity Framework – To support customers to detect, respond to, and recover from cyber incidents. Manage risks in accordance with NIST 800-30, and identify maturity and high impact mitigations, linked to NIST 800-53.
Through this, users can map threats, assets, and vulnerabilities to derive risks, and track mitigations, task assignments, and progress. They can also link compliance incidents to risk, to reduce the noise created by repetitive incidents.
‘SHQ Response Platform is unique in the industry as it follows a combination of different sources and is always viewed within the context of the customer. The Risk Centre itself is what makes this such a unique offering, as the user is now able to calculate the impact of security threats to the business, the likelihood of risks happening, identify all the different tactics and techniques, and highlight how best to mitigate these risks, all from a single location.’ – Chris Cheyne, SOC Director & CTO, SecurityHQ
Cyber Incident Analytics and Visualization
The platform provides access to real-time interactive visualizations and advanced analytics with meaningful and actionable views of incident trends, deviations, anomalies, and concern areas, with seamless access to incident tickets.
Smarter Orchestrated Response
The platform supports customers in automating and accelerating incident response, so that they can contain threats and take remediation actions based on pre-agreed SOPs and playbooks.
Anytime-Anywhere Collaboration
Incidents will occur at any time. The SecurityHQ Response mobile app allows management of incidents on the go. It helps customers securely access SecurityHQ data from their mobile phones while on the move, and improves cyber response collaboration between the SOC, the CISO and the customer’s internal stakeholders.
The ‘SecurityHQ Response’ mobile app and desktop version are used to help customers, SOC and MSSP partners collaborate on cyber response anytime, from anywhere.
Smart Integration & Automation
Clients and partners have access to a library of APIs supporting a variety of ITSM ticketing systems to ensure seamless business continuity.
Generic APIs, integrated with third-party ticketing systems at the customer/partner end, are used to simplify collaboration between teams. Through this two-way integration, customer teams can collaborate with the MSSP SOC teams via their respective systems.
Simplifying Incident Handling and Metrics
SecurityHQ makes the incident handling process accessible to both technical and non-technical staff, showing real-time metrics on incident management KPIs for speed of response and incident lifecycle management.
IBM Security Stack Made Accessible
The product of SHQ Response is real qualified security incidents, with analysis, risk assessment and response recommendations. This is the output of intelligence, correlation, and automation. SecurityHQ Response makes this accessible to technical and non-technical stakeholders to reduce costs, improve SOC operations and enhance service delivery of Managed Security Services.
‘We have not seen any platforms out there that are doing this. We see a lot of risk management platforms, but they do not deal with the detail of cyber security risks in a very good way. The SHQ Response Platform has simplified cyber security, by enabling customers to be part of their security journey. It was built so that businesses could learn more about potential threats, and solve cyber related issues, together with their designated security experts.’ – Feras Tappuni, CEO, SecurityHQ