Support Center

Introduction

Last Updated: Dec 17, 2017 06:31PM PST
This article introduces SSProtect :Respond Incident Response capabilities.

Introduction
DefiniSec was formed to deliver lifecycle data protection that's easy to deploy, administer, and use while delivering certainty to uncertain dynamics.

:Respond provides critical contributions to Incident Response efficiency with Data Integrity Validation/ Remediation and Definitive Disclosure Risk Insight. These capabilities result from the KODiAC Architecture and its' central role managing authentication, authorization, cryptographic operations and materials, and event access auditing. This approach minimizes the impact of a data breach with strong security while also reducing uncertainty, inaccuracies, and guesswork prevalent with today's manual Incident Response proceedings.


General Proceedings
:Respond utilizes cloud-managed :Assess audit data and host state information to analyze a variety of conditions, deriving summary results in support of Incident Response and Data Breach Investigation priorities. Results are available and delivered in .CSV form, though presented using simple Microsoft Excel report templates - the same procedure used when accessing :Assess Reports, described in the article, Acquiring Data Access Reports.

:Respond currently provides two different forms of Analysis, described below.

Requirements and Availability
:Respond is an optional component available to both Organization and Individual Accounts. User Interface controls are presented to Privileged Users in the SSProtect notification tray's context menu.

:Respond currently requires :Recover due to its' important role in Data Integrity Analysis, more specifically the optional aspect of Content Remediation associated with corrupted/ sabotaged content. More information is available in the article, Operating Modes, with its' impact more specifically described in the article, Using Data Integrity.


Data Integrity Validation with Optional Content Remediation
Data Integrity Analysis compares the last known secured state of an entity with the present stored state, detecting changes to protected content. Changes are noted in resulting Reports, and can also be used to automatically restore the proper, secured version from :Recover cloud repositories - repairing damage from Ransomware, for example. :Respond allows you to choose one or more Organization Users before execution, as described in the articles, Using :Respond and Using Data Integrity.

Definitive Risk of Data Disclosure
Definitive Disclosure Risk represents the potential that unprotected plaintext content has been made available to attackers, in one way or another. This includes the potential for leftover residual plaintext from application caches, the reality of protected secured access, and other dynamics. The software starts by enumerating all transactions for a target Analysis Period that you specify, then proceeds to perform calculations to review nearly 300 independent disclosure cases. Each of the five resulting Disclosure Risk Ratings carries distinct meaning specific to the skillset an attacker would need in order to acquire plaintext. Details are described in the article, Definitive Disclosure Risk. Operation is described in both Using :Respond and Using Risk Analysis.

Additional Analysis
:Respond will offer new features and additional Analysis options over time. Refer to the article, Using :Respond, for more information on how to take advantage of today's capabilities, then refer to, :Respond Reports, for resulting specifics.


For More Information
Users in the United States can download and work with trial versions of SSProtect, though :Respond (and :Recover) must be specifically requested using the License and Components Interface. For additional information, send questions to support@definisec.com.

 

This article was updated w/ v6.4.0 of the :Foundation Client

Contact Us

ed5301d112e75fde24d469c55568f50b@definisec.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete