eyeShare’s integration with Intel McAfee ESM accelerates cyber security incident response to SIEM alerts by using advanced automation. Together, these best-of-breed tools provide an enterprise-grade solution to easily automate and streamline security policy tasks (playbooks) executed in response to ESM-generated alerts. The result is immediate and reliable defense against detected threats that helps mitigate damage from cyber security breaches, and serves as a force multiplier for overwhelmed NOC & SOC teams.
eyeShare’s Intel McAfee ESM integration pack supports SIEM-specific activities out-of-the-box that can be integrated into playbooks which touch other platforms, such as Active Directory, Exchange, VMware, and many others. This provides security operations teams with a robust capability to quickly orchestrate sophisticated multi-platform cyber security incident response playbooks, all with a drag-and-drop interface that requires zero programming.
Playbooks can pause their execution to accept operator input on which decision branch to follow, or they can run on a fully automated basis and make the decisions themselves. Either way, the result is high-fidelity remediation that minimizes or even eliminates acting on false positives.
See the integration in action:
With eyeShare, you maintain complete control over the automation process at all times. Key ‘decision points’ can be embedded within playbooks to pause execution and send status notifications to the appropriate individuals or teams via SMS, IM, or email. The response chosen by a human decision-maker then determines which action the playbook executes next.
eyeShare can run playbooks based on pre-determined policy-based rules defined for particular types of incidents. The playbooks can do as little as just gathering information about the incident from a multitude of sources to provide data enrichment for human operators, all the way to full service incident remediation.
The eyeShare integration pack for Intel McAfeeESM significantly extends your SIEM’s capabilities by accelerating response time to cyber security incident resolution, ensuring that a best practice response is provided 24/7/365 to any breach, regardless of who’s on duty.
The eyeShare integration with Intel McAfee ESM consists of the following enhanced capabilities:
- Opening a ticket in the ITSM Help Desk system to document the alert, as well as documenting the alert in any other system necessary to be in compliance with various regulatory regimes.
- Updating the ITSM Help Desk system in real time with any action, operator response, or forensic information related to the alert.
- Integration with an array of systems & platforms to enable fully automated cyber security incident responses in complex, heterogeneous environments.
- Zero programming is required to author playbooks, just parameter configuration. That makes building automated playbooks as fast & easy as working with Lego building blocks. Everything is modular & fits together.
- An agentless architecture that requires no agent software to be installed on any device, whether it be servers, routers, storage appliances, or anything else.
- Scheduling playbooks to run during off-hours or other designated times, i.e. creating & sending a CISO-level report at 6am of all security breaches in the previous 24 hours that were automatically remediated.
*The integration is part of the complete eyeShare download package.
Latest News From Our Blog
- How IT Automation Can Deliver Continuous Operations
- How Robotic Process Automation Can Solve Your Legacy Problems
- How a Large International Shipping Company Reduced Employee Onboarding Time by 90%
- 3 Challenges Every SOC Struggles With (and How to Overcome Them)
- 5 Ways Automation Benefits IT Operations
99 Almaden Blvd
San Jose, CA 95113
New York Office
260 Madison Avenue Suite 204
New York, NY 10016
Ayehu Software Technologies, Ltd.
Harokmim 26, Holon 5885849 Israel
Phone +972 (0)3 649 50 70
Fax +972 (0)3 649 50 79
Recently named by Gartner as a 2016 Cool Vendor, Ayehu helps IT and Security professionals to identify and resolve critical incidents, simplify complex workflows and maintain greater control over IT infrastructure through automation. Ayehu automation & orchestration solutions have been deployed by major enterprises worldwide and currently support thousands of IT processes across the globe.