PacketSled has launched its Incident Response (IR) platform, a network visibility solution targeted at cyber-responders and managed security service providers (MSSPs).
The PacketSled IR platform enables incident and breach response teams to quickly identify attacker activity by monitoring network traffic and performing advanced protocol analysis combined with sophisticated analytics. It uses system automation and sensor implementation for deep packet inspection, protocol dissection, ensemble detection methods and behavioral analysis.
“PacketSled provides IR investigators with the ability to monitor suspicious traffic by creating individual cases within it. It also provides the ability to trigger specific packet captures if suspicious traffic is starting and stopping, as is often the case with malware,” said David Biser, manager of the Critical Incident Response Team at NTT Security. “Rather than ‘speaking’ continually, most malware will be silent until it is time to ‘phone home.’ If identified, you can enable PacketSled to conduct a packet capture of specific traffic that frees an investigator to continue to investigate other suspicious events. We have found the new platform from PacketSled to be a tremendous asset for the work that we do.”
The offer is available to managed security service providers (MSSPs) to add to their portfolio, and will be especially appealing to those that offer evaluations on the likelihood of compromise (compromise assessments) or perform threat-hunting-as-a-service (THaaS), the company said.
“PacketSled is focused on providing the channel with the capabilities to help their customers through their existing offerings,” said PacketSled CEO Fred Wilmot. “By leveraging the PacketSled platform, and PacketSled to help them, channel partners can share their threat-hunting knowledge, incident response methodologies or breach assessments with their customers. Our partners’ ability to create a strong business using PacketSled is critical to our success moving forward.”
He added, “By enabling MSSPs to offer additional value well beyond the traditional capabilities of consuming AV and firewall, this allows MSSPs to become a critical component in their Tier1/Tier2 security operations offerings. We believe that many companies are reaching for expertise to help them in this regard.”
The PacketSled IR platform can also be deployed as part of the PacketSled Cloud platform, and IR teams can track and manage incident behavior through PacketSled Case Manager. PacketSled’s Incident Response Expert System (IRES) allows responders to add network indicators of compromise (IOCs), behaviors, conditions and patterns to a sensor with a few mouse clicks, leveraging MITRE’s ATT&CK framework. The Sensor Management Framework also allows responders to add custom intelligence feeds, including STIX objects for known campaign activity.
“At PacketSled, we are committed to enabling the end-to-end cycle of security in giving our partners the incentive and capability of selling, and leaving behind our product where it makes sense for their clients,” said Wilmot. “Our fundamental purpose is lowering the poverty line for security expertise and making a difference in the mission to reduce our customers’ risk. We will do this arm-in-arm with the channel, with whom we share a common mission objective.”