We have developed a proprietary Security Orchestration, Automation and Response (SOAR) platform, named Certego PanOptikon, to support real-time security monitoring and incident response.
The platform supports data gathering, security event correlation and operational analysis in real time.
The in-depth investigation work carried out by the Certego Computer Security Incident Response Team (CSIRT) makes it possible to hunt potential cyber threats and orchestrate the entire life cycle of a security incident.
Certego Managed Detection & Response services are built on the Certego PanOptikon® SOAR platform, which adopts a modular approach to meet the specific needs of each organization.
It provides a web portal and a mobile app for iOS and Android that serve as the common interface between the Certego IRT and the organization's IT team, making it easier to orchestrate the whole incident management process.
In PanOptikon®, every ticket follows a precise structure. This makes it easy to distinguish the phases of the incident response process, as suggested in the NIST incident handling guidelines (NIST SP 800-61).
The header section, under the navigation menu, supplies general information about the ticket (severity, classification, creation date and title) and other contextual data, including a summary and CIA risk indicators (Confidentiality risk, Integrity risk and Availability risk).
The menu on the left guides you through the incident response phases.
Each phase is flagged with a downward-pointing arrow whose fill shows its progress. A solid black/blue fill means that the tasks in that phase have already been acknowledged or completed; a striped fill marks the most advanced phase that has at least one acknowledged task; a white fill means that all tasks in that phase are still pending acknowledgement.
Each phase can also carry a counter, highlighted in a red circle, showing the number of tasks still to be completed.
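The rule above maps task states to the arrow fill and the red counter shown for each phase. The following Python snippet is an added illustration of that mapping, written for this page; it is not PanOptikon code and makes no claim about how the product implements it. It assumes the four-phase ordering of NIST SP 800-61 (Preparation; Detection & Analysis; Containment, Eradication & Recovery; Post-Incident Activity), three task states (pending, acknowledged, completed), that a phase whose tasks are all acknowledged or completed is shown as filled even when it is the most advanced phase touched so far, and that a phase with no tasks is shown white with a counter of zero. The sample ticket is constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum

# Phase order assumed from the NIST SP 800-61 incident handling lifecycle.
PHASES = [
    "Preparation",
    "Detection & Analysis",
    "Containment, Eradication & Recovery",
    "Post-Incident Activity",
]


class TaskStatus(Enum):
    PENDING = "pending"            # not yet acknowledged by anyone
    ACKNOWLEDGED = "acknowledged"  # someone has taken the task on
    COMPLETED = "completed"        # task is done


@dataclass
class Task:
    title: str
    status: TaskStatus = TaskStatus.PENDING


def phase_indicators(ticket: dict[str, list[Task]]) -> dict[str, tuple[str, int]]:
    """Return, for every phase in order, (arrow fill, tasks still to complete).

    fill is one of "filled", "striped" or "white":
      filled  - every task in the phase is acknowledged or completed
      striped - the most advanced phase with at least one acknowledged task
                that is not yet fully acknowledged/completed (assumed reading)
      white   - every task in the phase is still pending acknowledgement
    """
    # The frontier is the last phase (in lifecycle order) where work has started.
    frontier = None
    for name in PHASES:
        if any(t.status != TaskStatus.PENDING for t in ticket.get(name, [])):
            frontier = name

    result = {}
    for name in PHASES:
        tasks = ticket.get(name, [])
        started = [t for t in tasks if t.status != TaskStatus.PENDING]
        if tasks and len(started) == len(tasks):
            fill = "filled"
        elif name == frontier:
            fill = "striped"
        else:
            fill = "white"  # includes the assumed case of a phase with no tasks
        # Red-circle counter: tasks not yet completed (acknowledged ones still count).
        remaining = sum(1 for t in tasks if t.status != TaskStatus.COMPLETED)
        result[name] = (fill, remaining)
    return result


def sample_ticket() -> dict[str, list[Task]]:
    """A constructed ticket used to exercise the rule; not real incident data."""
    return {
        "Preparation": [
            Task("Confirm on-call contacts", TaskStatus.COMPLETED),
            Task("Verify log retention", TaskStatus.ACKNOWLEDGED),
        ],
        "Detection & Analysis": [
            Task("Triage alert", TaskStatus.ACKNOWLEDGED),
            Task("Scope affected hosts", TaskStatus.PENDING),
        ],
        "Containment, Eradication & Recovery": [
            Task("Isolate host", TaskStatus.PENDING),
        ],
        "Post-Incident Activity": [],
    }


if __name__ == "__main__":
    for phase, (fill, remaining) in phase_indicators(sample_ticket()).items():
        counter = f" ({remaining})" if remaining else ""
        print(f"{fill:8s} {phase}{counter}")
```

With the sample ticket, Preparation is filled (both tasks started, one still to complete), Detection & Analysis is striped because it is the furthest phase where work has begun but one task is still pending, and the two later phases are white.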