    July 17, 2020
Trend Micro and SIRP – Automated Incident Response for Endpoint Security

With the alarming number of security alerts being reported on endpoints, it has become essential for security teams to use orchestration and automation tools to respond to the large volume of repetitive alerts. Manually responding to endpoint protection alerts and remediating the issues on the endpoints, in coordination with asset owners and helpdesk teams, is no easy feat.

      Trend Micro Apex One™ solves this problem for users by providing a web-based console to manage endpoints and ensure up-to-date protection throughout the infrastructure. Now Trend Micro customers can use SIRP’s security orchestration and automation capabilities with Apex Central to respond from a unified console.

      Integration Features

• Run an effective incident response cycle using Apex Central alerting combined with SIRP's risk-based SOAR capabilities.
• Look up malicious files and indicators on your endpoints using the Trend Micro Apex Central and SIRP integration, either in real time or as a playbook action.
• Upload YARA rules and IOCs from threat intelligence to Apex Central using SIRP playbooks. Leverage SIRP's other integrations to enrich Trend Micro alert data and coordinate response across security functions.

      Challenge

Endpoints, being a major part of a corporate infrastructure, need to be protected vigilantly. A compromised endpoint, if not handled in time, can become the entry point for a cyber attack on the entire organization. It is therefore critical to orchestrate endpoint protection using multiple security controls and the processes vital to the overall security posture.

      Solution

Security teams can automate their response to endpoint alerts received from Trend Micro Apex Central by creating playbooks in SIRP. These playbooks help analysts enrich investigative data, hunt for threats, and take remedial actions on endpoints.

Consider an example in which an alert ingested from Trend Micro Apex Central contains a SHA-1 hash. SIRP automatically parses all the artifacts received in the alert and then executes a playbook. The playbook fetches the hash's reputation from VirusTotal, as shown in the following screenshot.

[Screenshot: playbook step fetching the hash reputation from VirusTotal]

After obtaining the hash analysis report, the playbook is configured to change the disposition of the alert to an incident and raise its severity to High if the hash is reported by 10 or more malware engines. Furthermore, the playbook supports the following actions to ensure that the malicious activity is contained:

      • Isolate an agent (endpoint)
      • Restore an agent (endpoint)
      • Get specific agent (endpoint) details
• Create and run a scan
• Add a hash, IP or URL to the blacklist

[Screenshots: the containment actions as configured in the playbook]

Finally, once the containment actions have completed, an email notification is sent to all relevant users (as defined in the playbook).
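To make the decision flow described above concrete, here is an added example that models the triage logic as plain Python. It is not SIRP's playbook engine and does not call the Apex Central or VirusTotal APIs: the reputation table (`FAKE_VT_POSITIVES`), the `RecordingEndpointClient`, the `Alert` text and the recipient list are all constructed stand-ins, and the function names are hypothetical. The only number taken from the page is the threshold of 10 reporting engines.

```python
"""Toy model of the alert-triage playbook described on this page (added example).

Everything external is a constructed stand-in: the reputation table replaces a
VirusTotal lookup, RecordingEndpointClient replaces an endpoint-protection API,
and the alert text is made up. The decision rule (10 or more engines => incident,
severity High, then containment and notification) follows the page.
"""
import re
from dataclasses import dataclass, field

SHA1_RE = re.compile(r"\b[0-9a-fA-F]{40}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Threshold from the page: 10 or more engines flagging the hash escalates the alert.
MALICIOUS_ENGINE_THRESHOLD = 10

# Constructed reputation table (sha1 -> engines reporting the file as malicious).
FAKE_VT_POSITIVES = {
    "da39a3ee5e6b4b0d3255bfef95601890afd80709": 0,   # SHA-1 of the empty file
    "1111111111111111111111111111111111111111": 23,  # constructed "malicious" hash
}


def lookup_hash_reputation(sha1, table=FAKE_VT_POSITIVES):
    """Return how many engines flag the hash; unknown hashes count as 0."""
    return table.get(sha1.lower(), 0)


class RecordingEndpointClient:
    """Constructed stand-in for an endpoint-protection client: it records the
    containment actions the playbook requests instead of performing them."""

    def __init__(self):
        self.actions = []

    def isolate_agent(self, agent_id):
        self.actions.append(("isolate", agent_id))

    def run_scan(self, agent_id):
        self.actions.append(("scan", agent_id))

    def add_to_blacklist(self, indicator):
        self.actions.append(("blacklist", indicator))


@dataclass
class Alert:
    agent_id: str
    raw_text: str


@dataclass
class PlaybookResult:
    disposition: str = "alert"
    severity: str = "Medium"
    artifacts: dict = field(default_factory=dict)
    reputation: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)
    notified: list = field(default_factory=list)


def extract_artifacts(text):
    """Parse SHA-1 hashes and IPv4 addresses from the alert body (deduplicated, order kept)."""
    return {
        "sha1": list(dict.fromkeys(h.lower() for h in SHA1_RE.findall(text))),
        "ipv4": list(dict.fromkeys(IPV4_RE.findall(text))),
    }


def run_playbook(alert, endpoint, recipients, reputation=lookup_hash_reputation):
    """Enrich, decide, contain, notify: one pass of the playbook over one alert."""
    result = PlaybookResult(artifacts=extract_artifacts(alert.raw_text))
    # Enrichment: look up every SHA-1 found in the alert.
    result.reputation = {h: reputation(h) for h in result.artifacts["sha1"]}
    flagged = [h for h, n in result.reputation.items() if n >= MALICIOUS_ENGINE_THRESHOLD]
    if not flagged:
        return result  # below threshold: stays an alert, no containment, no email
    # Decision: promote to an incident of severity High.
    result.disposition = "incident"
    result.severity = "High"
    # Containment: isolate the agent, scan it, blacklist the flagged hashes.
    endpoint.isolate_agent(alert.agent_id)
    endpoint.run_scan(alert.agent_id)
    for h in flagged:
        endpoint.add_to_blacklist(h)
    result.actions = list(endpoint.actions)
    # Notification: recipients are fixed in the playbook definition.
    result.notified = list(recipients)
    return result


if __name__ == "__main__":
    sample = Alert("agent-01", "Quarantined 1111111111111111111111111111111111111111 seen contacting 10.0.0.5")
    print(run_playbook(sample, RecordingEndpointClient(), ["soc@example.test"]))
```

The design point worth noting is that the escalation and the containment actions are gated on the same threshold check, so a hash below the threshold leaves the alert untouched and produces no side effects on the endpoint; a real playbook would also want the reputation lookup to fail closed (treat an unreachable reputation service as "no decision", not as "benign").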

      The entire execution and decision flow of the playbook looks something like this:

[Screenshot: execution and decision flow of the playbook]

      The actual playbook in SIRP is shown below:

[Screenshot: the playbook as built in SIRP]

      Benefit

Analysts can gain a holistic view of their organization's security posture by leveraging Trend Micro Apex actions and the hundreds of other integrations available in SIRP. Beyond orchestrating and automating comprehensive enrichment and endpoint protection processes, analysts can also correlate the data ingested from other security technologies with organizational risks, asset importance, threat intelligence, and vulnerabilities.