Incident ResponseAlienVault USM1https://media.trustradius.com/product-logos/LF/Ap/TPOL9A2198T5-180x180.JPEGLogRhythm NextGen SIEM Platform2https://media.trustradius.com/vendor-logos/YF/X9/J40ME3894TL8-180x180.JPEGCrowdStrike Falcon Endpoint Protection3https://media.trustradius.com/vendor-logos/QJ/nR/NGAP2XUTKHMV-180x180.JPEGProofpoint Threat Response Auto-Pull4https://media.trustradius.com/product-logos/XN/dj/RZBWSU7FF2IS-180x180.JPEGD3 Security5https://media.trustradius.com/vendor-logos/YS/Xo/N7M1TAC11PQF-180x180.JPEGVMware Carbon Black EDR (formerly Cb Response)6https://media.trustradius.com/vendor-logos/WQ/s1/OTGK2K9UDA6K-180x180.JPEGEnCase Endpoint Security7https://media.trustradius.com/vendor-logos/Jo/Dc/J5BO5E4D2RK8-180x180.JPEGAgari Phishing Response8https://media.trustradius.com/vendor-logos/Fj/jh/23M80NZ7UO3S-180x180.PNGCylanceOPTICS9https://media.trustradius.com/product-logos/N5/KN/BSMKKT9IPTIS-180x180.PNGCofense Triage10https://media.trustradius.com/product-logos/yh/y8/AQA7AFLF470O-180x180.PNGIBM Resilient Incident Response Platform11https://media.trustradius.com/vendor-logos/yf/sf/DNSXTG99HOK3-180x180.JPEGCybereason Endpoint Detection & Response (EDR)12https://media.trustradius.com/vendor-logos/cV/hK/TPQPBH4GE957-180x180.PNGSecuronix SNYPR Platform13https://media.trustradius.com/vendor-logos/Dk/eQ/LT6ACXBGZJBO-180x180.JPEGDFLabs IncMan14https://media.trustradius.com/vendor-logos/xN/FG/ELPWFLFG5N8O-180x180.JPEGCyber Triage15https://media.trustradius.com/vendor-logos/Kt/S0/7LFJVSRXESE9-180x180.JPEGResolve Systems16https://media.trustradius.com/vendor-logos/FE/UN/L05DO48JOV11-180x180.PNGDemisto17https://media.trustradius.com/product-logos/Qa/ky/XV1NWBX815X6-180x180.JPEGFireEye Security Orchestrator18https://media.trustradius.com/vendor-logos/NG/Ce/Z0M72RNSMBG5-180x180.JPEGAyehu eyeShare19https://media.trustradius.com/vendor-logos/is/Qi/392705B8DSTW-180x180.PNGCyberSponse, from Fortinet20https://media.trustradius.com/product-logos/Xf/lj/RJ3E2UF8PE6T-180x180.PNGSiemplify21https://media.trustradius.com/product-logos/sv/Ku/7G7ZPENFB8XI-180x180.JPEGCynet 36022https://media.trustradius.com/vendor-logos/g5/d3/JCM06L4PZHAB-180x180.JPEGExabeam Security Intelligence Platform23https://media.trustradius.com/vendor-logos/2f/Iu/3CV52KIWX2FF-180x180.JPEGStealthDEFEND24https://media.trustradius.com/vendor-logos/xU/0I/F6PGMGWLEJ3K-180x180.PNGProofpoint ThreatResponse25https://media.trustradius.com/vendor-logos/8m/3w/841F4UFBJE69-180x180.JPEG

Incident Response Platforms

Incident Response Platform Overview

What are Incident Response Platforms?

Incident response (IR) platforms guide countermeasures against a security breach and deploy preplanned, automated threat responses. Automated tasks can include threat hunting, anomaly detection, and real-time threat response via a playbook. After a breach, IR platforms can generate incident reports for analysis. Through IR software incident response may be planned, orchestrated and logged in accordance with policy, and best practice.


IR platforms may provide a response playbook designed to help contain and remediate breaches. Playbooks, or runbooks, are planned workflows that guide or automatically orchestrate responses to threats in real-time. These playbooks can be triggered by detecting known threats or incident types, and run in accordance with policy or SLA. For instance, the playbook may escalate a threat level if a high priority device is infected.


Through automated orchestration, incident response platforms help response teams minimize the time and resources required to manage incidents. IR platforms enable remediation teams to work on a broader scale and can identify and remediate network events that may have been missed due to a lack of resources.

Endpoint security and Incident response platforms have been thought of as separate categories. Endpoint security is a first-line defense mechanism for blocking known threats while incident response is the next layer and is all about hunting for endpoint threats and actively removing them. However, these categories are starting to merge into a new broader category often called Endpoint Protection and Response.

Features of Incident Response Platforms

Incident response platforms may offer the following features:

  • Knowledgebase of regulations and best practice response plans

  • SIEM data ingestion, anomaly detection

  • Correlate data from SIEM, endpoints, and other sources

  • Pre-built customizable standards-based incident response playbooks

  • Automated response to security alerts

  • Process tree & timeline analysis to identify threats

  • Attack behavior analytics, for real-time detection & forensics

  • Access & credential lockdown, network access analysis

  • Isolation of infected systems, malicious files

  • Automate escalation to assign tasks to the right people

  • Service-level agreement (SLA) tracking and management

  • Forensic data retention for post-incident reporting, analysis

  • Remediation planning & process automation

  • Privacy breach reporting policy (e.g. GDPR) preparation

  • Compliance report issuance

Pricing Information & Availability

Incident response is very often offered as a service by cybersecurity outsourcing specialists. However strictly technology-based IR Platforms like those below are available to SOCs and in-house enterprise IT security teams. These offerings are often part of a suite from vendors specializing in cybersecurity software. In this case, they may be bundled with endpoint protection and antivirus applications from the same vendor. Vendors of IR software will boast integrations with popular SIEM applications, or other IT automation applications. Incident response platforms


Incident Response Products

Listings (1-25 of 45)

AlienVault USM

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
Top Rated
637 Ratings

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, inclu…

The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes IR via the SmarResponse Automation Framework, UEBA via the CloudAI security analytics tool, NetMon network forensics, and other features providing a t…

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no performance…

Proofpoint Threat Response Auto-Pull (TRAP) enables messaging and security administrators to automatically retract threats delivered to employee inboxes and emails that turn malicious after delivery to quarantine. It is also a powerful solution to retract messages sent in error as well as inappropri…

1 Ratings

Vancouver company D3 Security offers their incident response suite, featuring an incident knowledgebase and response templates, built-in and configurable workflow with task assignment and assignable threat alerting threshold, among other features.

Carbon Black EDR (formerly Cb Response) is an incident response and threat hunting solution designed for security operations center (SOC) teams with offline environments or on-premises requirements. Carbon Black EDR records and stores endpoint activity data so that security professionals can hunt th…

EnCase Endpoint Security is an endpoint threat detection and incident response cyber security application developed by Guardian Software and now owned and supported by OpenText since the acquisition in summer 2017.

2 Ratings

Cylance, a Blackberry company since the early 2019 acquisition, offers a range of cyber security solutions, including CylanceOPTICS, an incident response solution emphasizing fast endpoint detection and automated smart threat response, root cause and context analysis, and other features.

Cofense Triage accelerates phishing qualification, investigation, and response by automating standard responses to suspicious emails to make analysts more efficient and driving out actionable intelligence, and providing incident response playbook.

We don't have enough ratings and reviews to provide an overall score.

Securonix, from the Los Angeles-based company of the same name, offers the SNYPR Platform, an advanced analytics platform providing real time insights with identity data, threat hunting, and other security analytics capabilities. The SNYPR platform combines this with Securonix Response Bot, inciden…

We don't have enough ratings and reviews to provide an overall score.

Italian company DFLabs offers IncMan, their flagship security automation and orchestration platform emphasizing rapid incident detection, a higher proportion of incidents receiving response, and faster incident response time.

We don't have enough ratings and reviews to provide an overall score.

Basis Technology in Cambridge, MA offers Cyber Triage, an incident response software emphasizing the rapid and accurate collection of endpoint data, touted as better and more comprehensive than antivirus and ideal for non-forensics experts.

We don't have enough ratings and reviews to provide an overall score.

The flagship product from Resolve Systems in Irvine is their incident response platform, which features automated security and threat diagnosis, an incident tracking dashboard, and automated remediation workflow.

We don't have enough ratings and reviews to provide an overall score.

Demisto, now from Palo Alto Networks (acquired March 2019) provides orchestration to enable security teams to ingest alerts across sources and execute standardized, automatable playbooks for accelerated incident response. Demisto’s playbooks are powered by hundreds of integrations and thousands of s…

We don't have enough ratings and reviews to provide an overall score.

Ayehu offers eyeShare, their IT automation platform powered by machine learning to support rapid incident response and process automation.

We don't have enough ratings and reviews to provide an overall score.

CyberSponse in Arlington offers their flagship cybersecurity orchestration and incident response platform that supplies automation and intelligence to threat containment and elimination. Fortinet acquired and now supports CyberSponse (December 2019).

We don't have enough ratings and reviews to provide an overall score.

Siemplify provides a holistic security operations platform that empowers security analysts to work smarter and respond faster. Siemplify uniquely combines security orchestration and automation with patented contextual investigation and case management to deliver intuitive, consistent and measurable …

We don't have enough ratings and reviews to provide an overall score.

New York based Cynet offers their intrusion detection and threat response platform Cynet 360, which monitors endpoints and networks, correlates and analyzes suspicious behavior, and provides automated remedial protection and manual remediation guidance to contain and eliminate cyber attackers.

We don't have enough ratings and reviews to provide an overall score.

Exabeam headquartered in San Mateo, offers their security intelligence and SIEM platform, the Exabeam Security Intelligence Platform, featuring unlimited security data collection (Exabeam Data Lake), threat detection via Exabeam Advanced Analytics, security response and orchestration via Exabeam Inc…

We don't have enough ratings and reviews to provide an overall score.

StealthDEFEND, from STEALTHbits Technology, is an intrusion detection and prevention solution for protecting sensitive data, investigating, alerting and preventing malicious behavior by intruders, both users and malware.