Automatically Isolate Your Infected Endpoints with AlienApp For Carbon Black
13 Aug 2019
The AlienApp™ for Carbon Black delivers advanced security orchestration capabilities between AlienVault® USM Anywhere™ and Carbon Black’s Cb Protection and Cb Response, so you can automatically isolate your infected endpoints whenever threats are detected in USM Anywhere.
With pre-built security orchestration and automated response capabilities, you can shorten the time from threat detection to response, without any of the heavy lifting typically required to integrate multiple security IT tools.
AlienApp automatically blocks malicious domains in Cisco Umbrella whenever they are detected in USM Anywhere. It also reduces the time between detection and incident response through security automation.
AlienApp for Cisco Umbrella helps you to:
- Shorten the time from threat detection to threat response with automation
- Save time, money, and headaches in integrating multiple IT security tools
- Gain more visibility into activities and changes detected in endpoints by Cb Protection
- Automate or trigger response actions within USM Anywhere to isolate infected systems through Cb Response
How It Works:
- USM Anywhere collects and analyzes events from Cb Protection and Cb Response, along with data from your other assets and security solutions.
- USM Anywhere identifies host or network activity that indicates a compromised endpoint, such as a server infected by malware, and generates an alarm.
- Through a user-executed action or an automated orchestration rule, USM Anywhere sends the compromised endpoint’s IP address to Cb Response.
- Cb Response uses the IP address to isolate the endpoint from the rest of your environment.
Please find more information at the link.
If you have questions about AT&T Cybersecurity solutions, please write to us at firstname.lastname@example.org.