High Pace, Large Scale: CFTR Enables Efficient Incident Management with Service Level Agreements


The Cyware Fusion and Threat Response (CFTR) version 2.4 empowers security decision-makers with an advanced Service Level Agreement (SLA) feature.


How does this feature work?

The Service Level Agreement (SLA) feature allows incident managers to define the conditions and time limits within which incident response teams must respond to specific incidents. Incident response managers can define SLAs based on parameters such as incident type, incident severity, business units affected, and geographic location. This customization also lets incident managers rank SLAs by their order of priority for incident resolution, and it enables automated assignment of SLAs to the appropriate incidents.


Admins can create two types of SLAs:

  • Assignment SLA: It covers the triaging phase of an incident and tracks the time from the opening of an incident to the time when it is assigned to a user.
  • Response SLA: It covers the post-triaging phase of an incident and tracks the time from the assignment of an incident to the closing of the incident.


Setting up the breach limits

To ensure high SLA compliance, incident managers can also set breach limits, along with automated notifications that alert incident assignees or SOC managers when an SLA is about to be breached. SLA violations can be escalated through an automated escalation roster configured as applicable to the incident. Additionally, users can set a custom order of priority for the applicable SLAs with the “Re-order” function, according to the organization’s needs.


Incident management at scale

The SLA feature in CFTR provides several benefits for incident managers and their teams, such as:
  • A bird’s-eye view for tracking the performance of the incident response teams through dedicated real-time SLA status tracking widgets on the Dashboard. This enables incident response managers to identify gaps or shortcomings in crucial metrics, such as Mean Time to Response (MTTR) and Mean Time to Detection (MTTD).
  • The incident management process, when coupled with the relevant automation, allows service desk teams and analysts to keep an eye on SLA compliance and improve performance over time. Organizations can further improve SOC maturity by establishing customizable yet consistent incident management processes for teams spread across different business units or geographic locations.


Conclusion

The key to improving incident response operations is harmony between people, processes, and technology. CFTR version 2.4 takes a major step in this direction by enabling security teams to bring their own SLAs to meet complex operational requirements and improve the overall cybersecurity posture.

Posted on: August 27, 2020
