This article introduces SSProtect :Respond Incident Response capabilities.
DefiniSec was formed to deliver host/endpoint application data protection that's easy to deploy, administer, and use. Our primary goals are to combine a high degree of protection with simplicity, certainty, and assurances that traditional measures leave open to subjective interpretation.
:Respond is the culmination of our investment in the KODiAC Architecture, leveraging its central role in managing authentication, authorization, encryption, key management, and distribution. This is the foundation for precise, secured event auditing that supports Data Integrity Verification and Remediation services. Additional extensions analyze data access history to derive Objective Disclosure Risk Insight.
Together, these services deliver prioritized guidance for Security Event Response activities supported by Data Recovery operations that are critical to maintaining operations, even in the presence of Advanced Persistent Threats (APTs).
Requirements and Availability
:Respond is an optional component available to both Organization and Individual Accounts. User Interface controls are presented to Privileged Users in the SSProtect notification tray's context menu.
:Respond utilizes :Recover Archives to source Remediation. Although you can Analyze and Report on the integrity of managed content, optional Restoration of the last known proper state requires :Recover stored content. More details are available in the article Operating Modes, with the impact described more specifically in the article Using Integrity Remediation.
:Respond doesn't have to be continually Licensed in order to make use of past activities and stored/managed content. While some may choose to utilize its capabilities on a regular, scheduled basis, others may only wish to utilize Remediation and Risk Analysis by exception.
To support both dynamics, we offer a choice between a standard, recurring license subscription and a retroactive licensing discount schedule for demand-use. For details, speak to your DefiniSec Representative.
Data Integrity Validation with Optional Content Remediation
Data Integrity Analysis compares the last secured state of a managed item with the latest accessible user content, detecting unexpected changes using cryptographic primitives and patented cloud offloading. This delivers a high degree of accuracy even when faced with internal saboteurs that carry elevated access rights: SSProtect isolates auditing and precludes :Recover content removal to deny attempts at hiding activities.
Discrepancies are enumerated in summary Reports, which can be used to source data Restore operations (when :Recover Archive content is available). This repairs damage due to Ransomware, sabotage, or corruption with reduced impact and downtime for data consumers. Refer to the articles Using :Respond and Using Integrity Remediation for details.
Definitive Risk of Data Disclosure
Definitive Disclosure Risk computes the objective potential for plaintext disclosure of managed content. Analysis includes the reality of plaintext content disclosed through leaked application caching, the potential for exposure when securely accessed with our own protections, and long-term residual, "worst-case" considerations, resulting in hundreds of different possible dynamics measured before, during, and after content is brought into the protective scope of SSProtect/KODiAC.
Results are consolidated and presented in several different ways, though each item receives a resulting Disclosure Risk Score that ranges from Theoretically Secure to Exposed. This allows you to associate progressive events with your risk appetite, then use results and identified resources as a guide for prioritized and focused investigation. By doing away with the noise, associating secured historical use with the results of the Analysis, then applying your own boundary conditions, you end up almost immediately displacing the well-known, disruptive investigation with more concerted efforts derived from measured inputs and logical, objective results.
This resulting roadmap of priorities, which you determine, avoids the hands-on, brute-force approach that consumes needless hours, days, weeks, and most often months of time before delivering unverified, uncertain claims that can inappropriately consume attention on resources of secondary importance.
This article was updated w/ v9.8.0 of the :Foundation Client