Share Blog Post
When an incident occurs, security teams create and define actions manually, which increases their mean time to respond (MTTR). Their job will be easier if all the critical steps involved in an incident response process are pre-defined, organized properly, and can be auto-deployed for response during incident management. That’s why Cyware has introduced a new feature—Action Library—in its CFTR v3.0 release that allows CFTR users to define standardized and consistent processes for their security teams, enabling them to create actions for every incident.
What is an Action Library?
Action Library is a repository of pre-defined actions for various tasks that need to be taken after an incident occurs. Using the Action Library, security teams can now create and manage Action Templates to assist users in mapping actions to various phases in the incident response workflows.
Capabilities of Action Library
- Action Templates: For each different incident type, security teams every time have to create different workflows. They might have one template for spearphishing response, one for ransomware alert, and several others for different incidents. Action Library enables security teams to organize all such processes in an Action Template, reducing the risk of missing critical actions or tasks during an investigation.
- Action Mapping: Users can map actions to various modules across CFTR via Action Templates. This helps in automatically associating an action to a condition triggered. For example, Action Templates are used to map actions to various phases of incident workflows in Form Management.
- Auto-Creation of Actions: With the mapped Action Templates, actions are automatically created for incidents. For example, for blocking an IP address during an incident response phase, CFTR users can map an action template to a phase in the incident workflow. Next time, when an incident occurs, CFTR will automatically create an action to block the IP address and link it to the mapped incident phase.
Benefits of Action Library
- No Critical Actions are Missed: With the ability to create and manage Action Templates, no critical actions are missed out in the incident response process.
- Time Efficient: Action Library reduces the time taken to uncover actionable threat intel when security teams are investigating threats. This accelerates threat investigation with automated and standardized actions.
- Reduced MTTR: Security teams can effectively map actions for incidents of all types, improving their efficiency in responding to threats, thereby reducing mean time to respond (MTTR).
- Efficiency and Productivity: As actions are pre-populated, security teams can allocate specific tasks during the process resulting in their team’s efficiency and productivity.
Conclusion
Whether it’s detecting malware attacks, tackling phishing threats, or defending against any other incident, security teams can now automatically create actions for every incident, thereby increasing their accuracy and efficiency during incident analysis, investigation, and response.
This is just a sneak peek into our new feature. Going forward, we intend to build more use cases around it, so stay tuned!
Tags
Posted on: June 30, 2022
Related Guides
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
The Virtual Cyber Fusion Suite
