eyeShare’s integration with Intel McAfee ESM accelerates cyber security incident response to SIEM alerts by using advanced automation. Together, these best-of-breed tools provide an enterprise-grade solution to easily automate and streamline security policy tasks (playbooks) executed in response to ESM-generated alerts. The result is immediate and reliable defense against detected threats that helps mitigate damage from cyber security breaches, and serves as a force multiplier for overwhelmed NOC & SOC teams.
eyeShare’s Intel McAfee ESM integration pack supports SIEM-specific activities out-of-the-box that can be integrated into playbooks which touch other platforms, such as Active Directory, Exchange, VMware, and many others. This provides security operations teams with a robust capability to quickly orchestrate sophisticated multi-platform cyber security incident response playbooks, all with a drag-and-drop interface that requires zero programming.
Playbooks can pause their execution to accept operator input on which decision branch to follow, or they can run on a fully automated basis and make the decisions themselves. Either way, the result is high-fidelity remediation that minimizes or even eliminates acting on false positives.
With eyeShare, you maintain complete control over the automation process at all times. Key ‘decision points’ can be embedded within playbooks to pause execution and send status notifications to the appropriate individuals or teams via SMS, IM, or email. The response chosen by a human decision-maker then determines which action the playbook executes next.
eyeShare can run playbooks based on pre-determined policy-based rules defined for particular types of incidents. Playbooks can range from simply gathering information about the incident from a multitude of sources, providing data enrichment for human operators, all the way to full-service incident remediation.
The eyeShare integration pack for Intel McAfee ESM significantly extends your SIEM’s capabilities by shortening the time to resolve cyber security incidents, ensuring that a best practice response is provided 24/7/365 to any breach, regardless of who’s on duty.
The eyeShare integration with Intel McAfee ESM consists of the following enhanced capabilities:
- Opening a ticket in the ITSM Help Desk system to document the alert, as well as documenting the alert in any other system necessary to be in compliance with various regulatory regimes.
- Updating the ITSM Help Desk system in real time with any action, operator response, or forensic information related to the alert.
- Integration with an array of systems & platforms to enable fully automated cyber security incident responses in complex, heterogeneous environments.
- Zero programming is required to author playbooks, just parameter configuration. That makes building automated playbooks as fast & easy as working with Lego building blocks. Everything is modular & fits together.
- An agentless architecture that requires no agent software to be installed on any device, whether it be servers, routers, storage appliances, or anything else.
- Scheduling playbooks to run during off-hours or other designated times, e.g. creating & sending a CISO-level report at 6am of all security breaches in the previous 24 hours that were automatically remediated.
*The integration is part of the complete eyeShare download package.
Ayehu is the IT Automation and Orchestration platform built for the Digital Era. Powered by machine learning algorithms, it acts as a force multiplier for IT operations, security operations, managed service providers (MSPs) and managed security service providers (MSSPs). Customers can significantly save time on manual and repetitive tasks, respond to incidents with pinpoint accuracy, accelerate mean time to resolution, and maintain greater control over IT infrastructure.