Silverfort, the leading unified identity security company, has officially announced the launch of its Identity-First Incident Response solution, which is designed to accelerate attack remediation times by complementing existing incident response (IR) tools and optimizing IR processes.
According to certain reports, this development makes Silverfort’s solution the only one equipped to flip the script on conventional IR playbooks: IR teams begin their investigation by discovering and locking down compromised accounts first, and only then move on to identifying infected machines and malicious network traffic. As one would expect, such an approach saves security teams a great deal of valuable time.
Looking closer, Silverfort’s latest offering combines machine learning (ML) and artificial intelligence (AI) to give IR practitioners highly actionable telemetry: evidence of which accounts and users need to be blocked, and which accounts can remain operational while the team runs down the source of an incident. Beyond that, it brings identity to the forefront so as to freeze stolen accounts and, at the same time, stop lateral movement, reducing the impact of an incident and accelerating remediation.
Notably, it can also be deployed rapidly mid-breach (within less than 12 hours for an organization with 50,000 users) to detect and contain compromised accounts, and to identify which systems, users, or other assets within the environment have already been compromised.
“When responding to large incidents where lateral movement has taken place, it can be difficult to identify the impacted assets. Often, practitioners have to make difficult decisions with incomplete information when deploying containment actions, balancing attacker damage against business disruption. Having the ability to immediately challenge all authentication events while still allowing business operations to continue is like a surgeon having the ability to slow a patient’s heartbeat in order to perform surgery,” said Eric Haller, Silverfort Advisor and former VP of Sec Ops & GRC at Palo Alto Networks.
Silverfort also integrates with an organization’s existing IR strategy in a crisis scenario, and is understood to be the only identity security platform that can activate a firewall for the identity infrastructure, including Active Directory Domain Controllers.
Another detail worth mentioning is the solution’s ability to block a compromised user account in real time. It does this by triggering MFA or blocking access instantly to stop an attack as it happens, while also providing security teams with actionable forensic data.
Then there is Silverfort’s Authentication Firewall, which, once deployed, can automatically restrict access to limit an incident’s blast radius.
“Incident response is a race against the clock. In today’s rapidly changing threat landscape and sophisticated AI-backed threat actors, security teams can’t afford to be hunting for an anomaly when potential attacks occur or systems go down,” said Ron Rasin, Chief Strategy Officer at Silverfort. “While there’s an established IR playbook to handle malware and network aspects of cyberattacks, the identity aspect is still a challenge. Silverfort’s IR solution complements existing tools by instantly blocking compromised identities and adjacent machines and offering immediate visibility into those machines. We stanch the bleeding to ensure a safe recovery.”
There are still a few points left to unpack. We mentioned the solution’s ability to integrate with existing security operations infrastructure, but not how it incorporates identity protection measures (e.g., MFA, service account protection, access block) into an existing SOAR automated playbook. Nor did we note the technology’s ability to feed XDR with identity-related threat signals and suspected attacks. Alongside that, Silverfort’s IDR can ingest endpoint, network, and other telemetry to enrich context and refine the precision of detected threats.
Rounding out the highlights is the solution’s ability to exchange data with the SIEM for mutual correlation of risk signals, optimizing and enhancing insight into each user account’s exposure to compromise or involvement in an active attack.