Incident Response

  • RADAR

  • LogRhythm NDR

  • Splunk Phantom

  • RSA NetWitness Orchestrator

  • Huntsman Analyst Portal

  • Kaspersky Threat Management and Defense

  • 1E Tachyon

  • Cherwell Information Security Management Solution (ISMS)

  • Palo Alto Networks Cortex XDR

  • IBM X-Force Incident Response and Intelligence Services (IRIS)

  • Cobalt

  • Cofense Triage

  • Cybereason Endpoint Detection & Response (EDR)

  • GravityZone Ultra

  • Proofpoint ThreatResponse

  • Agari Phishing Response

  • Resolve Systems

Incident Response Platforms

Incident Response Platform Overview

What are Incident Response Platforms?

Incident response (IR) platforms guide countermeasures against a security breach and deploy preplanned, automated threat responses. Automated tasks can include threat hunting, anomaly detection, and real-time threat response via a playbook. After a breach, IR platforms can generate incident reports for analysis. Through IR software, incident response can be planned, orchestrated, and logged in accordance with policy and best practice.


IR platforms may provide response playbooks designed to help contain and remediate breaches. Playbooks, or runbooks, are planned workflows that guide or automatically orchestrate responses to threats in real time. A playbook is triggered when a known threat or incident type is detected, and it runs in accordance with policy or an SLA. For instance, a playbook may raise an incident's severity if a high-priority device is infected, and route it to a more senior queue.
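The trigger, escalate, contain, and assign flow described above, as a small playbook runner. This is an added illustration and not code from any product on this page; the alert fields, the asset inventory, the SLA minutes, the step functions and the queue names (tier1/tier2) are all assumptions made for the example.

```python
"""Toy playbook runner for a detect -> escalate -> contain -> assign workflow.

Added illustration, not any vendor's product code. The alert schema, asset
inventory, SLA values and step functions are assumptions for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional

SEVERITIES = ["low", "medium", "high", "critical"]

# Constructed asset inventory: host -> business criticality (3 = high-priority device).
ASSET_CRITICALITY = {"dc01": 3, "fileserver": 2, "laptop-42": 1}

# Assumed SLA policy: minutes allowed before containment must begin, by final severity.
SLA_MINUTES = {"low": 480, "medium": 240, "high": 60, "critical": 15}


@dataclass
class Incident:
    alert: dict
    severity: str
    opened_at: datetime
    assignee: str = "tier1"
    sla_deadline: Optional[datetime] = None
    contained: bool = False
    audit: List[str] = field(default_factory=list)  # every action is logged for the report


def escalate_by_asset(inc: Incident) -> None:
    """Raise severity one notch when the affected device is high priority."""
    crit = ASSET_CRITICALITY.get(inc.alert["host"], 1)
    if crit >= 3 and inc.severity != "critical":
        inc.severity = SEVERITIES[SEVERITIES.index(inc.severity) + 1]
        inc.audit.append(f"escalated to {inc.severity}: asset criticality {crit}")


def isolate_host(inc: Incident) -> None:
    """Containment step; a real platform would call an EDR or NAC API here."""
    inc.contained = True
    inc.audit.append(f"isolated host {inc.alert['host']}")


def apply_sla(inc: Incident) -> None:
    """Derive the response deadline from the (possibly escalated) severity."""
    inc.sla_deadline = inc.opened_at + timedelta(minutes=SLA_MINUTES[inc.severity])
    inc.audit.append(f"SLA deadline {inc.sla_deadline.isoformat()}")


def assign_owner(inc: Incident) -> None:
    """Route high and critical incidents to a senior queue (hypothetical queue names)."""
    inc.assignee = "tier2" if SEVERITIES.index(inc.severity) >= 2 else "tier1"
    inc.audit.append(f"assigned to {inc.assignee}")


# Playbooks keyed by alert type; steps run in order, so escalation precedes SLA calculation.
PLAYBOOKS: Dict[str, List[Callable[[Incident], None]]] = {
    "malware_detected": [escalate_by_asset, isolate_host, apply_sla, assign_owner],
    "phishing_reported": [apply_sla, assign_owner],
}


def run_playbook(alert: dict, now: Optional[datetime] = None) -> Incident:
    """Open an incident for an alert and execute the matching playbook.

    An alert type with no playbook is not silently dropped: the incident is
    still opened, with an audit entry saying manual triage is required.
    """
    if alert["severity"] not in SEVERITIES:
        raise ValueError(f"unknown severity {alert['severity']!r}")
    inc = Incident(alert=alert, severity=alert["severity"],
                   opened_at=now or datetime.now(timezone.utc))
    steps = PLAYBOOKS.get(alert["type"])
    if steps is None:
        inc.audit.append(f"no playbook for alert type {alert['type']!r}; manual triage")
        return inc
    for step in steps:
        step(inc)
    return inc


if __name__ == "__main__":
    t0 = datetime(2024, 3, 1, 10, 0, tzinfo=timezone.utc)
    for a in [{"type": "malware_detected", "host": "dc01", "severity": "high"},
              {"type": "malware_detected", "host": "laptop-42", "severity": "medium"},
              {"type": "port_scan", "host": "fileserver", "severity": "low"}]:
        inc = run_playbook(a, now=t0)
        print(a["host"], inc.severity, inc.assignee, *inc.audit, sep=" | ")
```

The ordering of steps matters: escalation runs before the SLA is computed, so a "high" malware alert on the domain controller becomes "critical" with a 15-minute containment window, while the same alert on a laptop keeps its original severity and a longer window. The audit list is what a post-incident report would be built from.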


Through automated orchestration, incident response platforms help response teams minimize the time and resources required to manage incidents. IR platforms let remediation teams work at a broader scale and can identify and remediate network events that would otherwise be missed for lack of analyst capacity.

Endpoint security and incident response platforms have been thought of as separate categories. Endpoint security is the first line of defense, blocking known threats, while incident response is the next layer: hunting for threats that reached endpoints and actively removing them. However, these categories are merging into a broader category commonly called Endpoint Detection and Response (EDR).

Features of Incident Response Platforms

Incident response platforms may offer the following features:

  • Knowledge base of regulations and best-practice response plans

  • SIEM data ingestion and anomaly detection

  • Correlation of data from SIEM, endpoints, and other sources

  • Pre-built, customizable, standards-based incident response playbooks

  • Automated response to security alerts

  • Process-tree and timeline analysis to identify threats

  • Attack behavior analytics for real-time detection and forensics

  • Access and credential lockdown, network access analysis

  • Isolation of infected systems and malicious files

  • Automated escalation that assigns tasks to the right people

  • Service-level agreement (SLA) tracking and management

  • Forensic data retention for post-incident reporting and analysis

  • Remediation planning and process automation

  • Preparation of privacy-breach reports required by regulation (e.g., GDPR)

  • Compliance report issuance
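Two of the features above, correlating SIEM data with endpoint telemetry and process-tree/timeline analysis, are shown together in the following added example. It is not code from any product listed on this page. The record format (JSON lines with a timestamp, a host, and either a SIEM rule name or an endpoint pid/ppid/image) and the sample events themselves are constructed for the example; the destination addresses use the 203.0.113.0/24 documentation range.

```python
"""Correlate a SIEM network alert with endpoint process-start events on the same
host, then reconstruct the process chain and a merged timeline.

Added example, not any listed vendor's code. The JSON-lines record format and
the sample records below are constructed assumptions for the illustration.
"""
import json
from datetime import datetime
from typing import Dict, List

# Constructed endpoint process-start events (the EDR side).
ENDPOINT_LOG = """\
{"ts": "2024-03-01T10:00:05Z", "host": "ws-17", "pid": 4120, "ppid": 3300, "image": "winword.exe"}
{"ts": "2024-03-01T10:00:09Z", "host": "ws-17", "pid": 4188, "ppid": 4120, "image": "powershell.exe"}
{"ts": "2024-03-01T10:00:11Z", "host": "ws-02", "pid": 800,  "ppid": 1,    "image": "chrome.exe"}
{"ts": "2024-03-01T10:00:14Z", "host": "ws-17", "pid": 4201, "ppid": 4188, "image": "certutil.exe"}
"""

# Constructed SIEM alerts (the network side); 203.0.113.0/24 is a documentation range.
SIEM_LOG = """\
{"ts": "2024-03-01T10:00:12Z", "host": "ws-17", "rule": "outbound-to-rare-ip", "dst": "203.0.113.7"}
{"ts": "2024-03-01T10:30:00Z", "host": "ws-02", "rule": "outbound-to-rare-ip", "dst": "203.0.113.9"}
"""


def parse_jsonl(text: str) -> List[dict]:
    """Parse JSON lines, converting 'ts' to an aware datetime; blank lines are skipped."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        out.append(rec)
    return out


def ancestry(events: List[dict], host: str, pid: int) -> List[str]:
    """Walk ppid links on one host from pid up to the root; returns images root-first.
    The visited set guards against cyclic or reused pids in the telemetry."""
    by_pid: Dict[int, dict] = {e["pid"]: e for e in events if e["host"] == host}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


def correlate(siem: List[dict], endpoint: List[dict], window_s: int = 60) -> List[dict]:
    """For each SIEM alert, collect endpoint events on the same host within +/- window_s
    seconds and attach the process chain of the event closest in time to the alert."""
    results = []
    for alert in siem:
        near = [e for e in endpoint
                if e["host"] == alert["host"]
                and abs((e["ts"] - alert["ts"]).total_seconds()) <= window_s]
        chain: List[str] = []
        if near:
            closest = min(near, key=lambda e: abs((e["ts"] - alert["ts"]).total_seconds()))
            chain = ancestry(endpoint, alert["host"], closest["pid"])
        results.append({"alert": alert["rule"], "host": alert["host"],
                        "related_pids": sorted(e["pid"] for e in near), "chain": chain})
    return results


def timeline(siem: List[dict], endpoint: List[dict], host: str) -> List[str]:
    """Merged, time-ordered view of both sources for one host."""
    rows = [(e["ts"], f"endpoint pid={e['pid']} {e['image']}") for e in endpoint if e["host"] == host]
    rows += [(a["ts"], f"siem {a['rule']} -> {a['dst']}") for a in siem if a["host"] == host]
    return [f"{ts.isoformat()} {what}" for ts, what in sorted(rows)]


if __name__ == "__main__":
    ep, si = parse_jsonl(ENDPOINT_LOG), parse_jsonl(SIEM_LOG)
    for r in correlate(si, ep):
        print(r)
    print(*timeline(si, ep, "ws-17"), sep="\n")
```

On the constructed data the first alert correlates to a winword.exe -> powershell.exe -> certutil.exe chain, which is the kind of ancestry an analyst would want surfaced next to a network alert; the second alert has no endpoint activity within the window and is reported with an empty chain rather than a guessed one.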

Pricing Information & Availability

Incident response is very often offered as a service by cybersecurity outsourcing specialists. However, strictly technology-based IR platforms like those below are available to SOCs and in-house enterprise IT security teams. These offerings are often part of a suite from vendors specializing in cybersecurity software, in which case they may be bundled with endpoint protection and antivirus applications from the same vendor. Vendors of IR software will advertise integrations with popular SIEM applications or other IT automation applications. Incident response platforms


Incident Response Products

Listings (26-42 of 42)

We don't have enough ratings and reviews to provide an overall score.

RADAR, headquartered in Portland, offers its incident response management software platform, providing breach detection and incident intake, automated escalation management, risk profiling, and the company's Breach Guidance Engine, among other features.

LogRhythm NDR (for Network Detection and Response) is a SOAR platform from LogRhythm that automates incident detection and response with prebuilt and customizable playbooks.

Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Phantom provides playbook automation and incident response and is available as a standalone solution.

Australian company Huntsman Security offers the Huntsman Analyst Portal, an IR / SOAR security application designed to integrate with the company's flagship SIEM platform: Huntsman Enterprise SIEM.

1E, headquartered in London, offers Tachyon, an incident management and response product providing guided remediation and an automated resolution process.

Cortex XDR from Palo Alto Networks is a detection and response app that natively integrates network, endpoint and cloud data to stop sophisticated attacks. Cortex XDR accurately detects threats with behavioral analytics and reveals the root cause to speed up investigations. Tight integration with en…

Cobalt, headquartered in Montreal, offers its eponymous incident response platform.

Cofense Triage accelerates phishing qualification, investigation, and response by automating standard responses to suspicious emails, making analysts more efficient, surfacing actionable intelligence, and providing incident response playbooks.

GravityZone Ultra is a complete Endpoint Security solution designed from the ground up as an integrated next-gen EPP and easy-to-use EDR. It offers prevention, threat detection, automatic response, pre and post compromise visibility, alert triage, investigation, advanced search and one-click resolut…

Agari, in Foster City, offers the Agari Phishing Response service, a phishing incident response system designed to accelerate phishing triage, forensics, remediation, and breach containment.

The flagship product from Resolve Systems, in Irvine, is its incident response platform, which features automated security and threat diagnosis, an incident tracking dashboard, and automated remediation workflows.