Hello, I'm El Castillo, VP of Technology at AlgoSec. In the next few minutes I will present and demonstrate the AlgoSec Security Incident Response extension for IBM Resilient.

Resilient is an intelligent orchestration and case management system that enables security teams to respond to security incidents quickly and effectively. In this demo we will see how AlgoSec extends Resilient to further expedite and automate the handling of cyberattacks and breaches, and to minimize their impact on the business.

AlgoSec, and specifically the incident response extension for Resilient, automatically highlights which business applications may be relevant for the incident, as well as how critical they are. It can also provide visibility into the exposure of the compromised server to the Internet, for example to assess the risk of data leakage, or its connectivity to internal, more sensitive networks. This provides the security analysts with key information regarding the severity and urgency of the incident.

AlgoSec can also automate the remediation process of security incidents: the analyst can trigger automatic isolation of the compromised server from the network, leaving access only for forensic purposes, for example, all in a single click. Understanding the business impact of the incident will also allow us to quickly identify who the relevant technical and business stakeholders are, so we know who to report the incident to.

So let's see the AlgoSec extension for Resilient in action.

OK, so this is my Resilient dashboard, where I can see all the open security incidents. In this case, let's dive into one of them. First we can see all the different actions recommended for us to take on this specific incident. Let's go to the Artifacts tab, where relevant artifacts can be defined automatically or manually, such as, in this case, a server or an IP address that is relevant for the security incident. In this case, let's assume that we define here the compromised server that is part of this incident. This can in some cases be done automatically.

Once an artifact of the type IP address or host is added to any incident, Resilient will automatically trigger AlgoSec functions to complement and enrich the information about this incident. In this case we can see that a list of associated applications has suddenly appeared here. These are business applications that AlgoSec has decided are relevant for this incident, because this IP address, this server, participates in them.

Let's drill down into that. An AlgoSec page opens with the dashboard of the relevant application. In this case we can see it's a critical application, and we can also see who the relevant contacts are, the technical and the business owner, so we can easily know what might be affected and who we need to inform.

In addition, we can also see here the connectivity to the Internet, that is, whether the server has access to the Internet. In this case we can see that it does: our server is inside our sensitive network and has access to the Internet. We can see the path, and there is a Check Point firewall allowing the traffic, at least part of it, and this is exactly the rule that allows the traffic, allowing outbound HTTP and FTP access.

OK, so let's say we decide this is risky. We can see that we have an option here to isolate the server. What happens when I click that is that a change request to isolate that host is automatically opened with AlgoSec, triggering AlgoSec to perform changes on the relevant security policies on the different firewalls on the network that may be relevant in this case, the ones closest to this server. When I click on the details, I can see that this change request was indeed opened, in this case asking to block all traffic to and from our suspected server.

What would happen now is that the change would be automatically handled by AlgoSec: first finding the relevant firewalls closest to the server, then designing the change, which rules need to be added, etc., and automatically pushing it onto these firewalls, whether they are Check Point, Palo Alto Networks, Cisco, or any other firewall.

With that, the incident is now contained, and with that we will conclude our demo. Thank you.