Incident Response Platform
Respond to Incidents Faster. Smarter. Better.
The Resilient Incident Response Platform (IRP) is the leading platform for orchestrating and automating incident response processes.
The Resilient IRP quickly and easily integrates with your organization’s existing security and IT investments. It makes security alerts instantly actionable, provides valuable intelligence and incident context, and enables adaptive response to complex cyber threats.
The latest innovation to the Resilient IRP, Dynamic Playbooks, provides the agility, intelligence, and sophistication needed to contend with complex attacks. Dynamic Playbooks automatically adapts to real-time incident conditions and ensures repetitive, initial triage steps are complete before an analyst even opens the incident.
Purpose-Built for Incident Response
Resilient, robust response to the day-to-day events that security teams must contend with is a growing challenge shared by organizations of all sizes, across all industries, globally. And responding well in the face of a cyber crisis is harder as the stakes have gotten higher and the actors more sophisticated.
The Resilient Incident Response Platform features Dynamic Playbooks, which automatically adapts to real-time incident conditions to ensure a fast and complete response for the entire organization and for all incident types (from malware to DDoS to lost devices). This agile, intelligent, and sophisticated response capability ensures organizations can meet the complex attacks of today and tomorrow.
IR teams can manage and collaborate on their response directly within the platform. Unlike ticketing systems and other general-purpose IT tools, our IRP is secure, fully configurable, and purpose-built for incident response. Comprehensive analysis, customizable dashboards, and robust reporting features ensure senior leadership can access key information when they need it.
Resilient Enterprise and Standard IR Platforms
The Resilient platform is designed to meet the specific needs of organizations of all sizes and complexities. The Resilient IRP Enterprise is built for the large, varied systems of major enterprises. The Resilient IRP Standard is an economical, yet powerful, IR solution most valuable to midsized organizations. It has all the functionality that a midsized organization needs to achieve a reliable response capability and provides a path to upgrade as its needs grow.
Both platforms are available as SaaS or on-premises deployments.
Your Incident Response Hub
The Resilient Enterprise and Standard Incident Response Platforms empower organizations of all sizes – from large-scale security operations centers (SOCs) to small IT security teams – to respond to and resolve security incidents more effectively and efficiently.
By integrating with your existing IT security solutions, the Resilient IRP provides a centralized platform for cyberattack investigation and remediation. It unlocks the value of your cyber security investments and makes your team smarter and faster.
Our IRP Hub Experience
- Resilient users can escalate incidents and import artifacts from email, SIEMs, ticketing systems, and other sources. Bi-directional SIEM integration can also deliver additional information directly into the IRP.
- Built-in threat intelligence feeds automatically gather and deliver valuable incident context. Similar integrations with other solutions reduce investigation time and enable a rapid, decisive response.
- Users can leverage additional integrations to further investigate security incidents within the platform. This eliminates the time required to pull information from disparate systems, and enables your team to focus on more essential tasks.
- By integrating with external tools like ticketing systems, users can orchestrate and direct a fast and effective incident resolution from the platform.
With our Enterprise and Standard IR Platforms, IBM Resilient ensures that organizations of all sizes and sophistication – from Fortune 500 enterprises to midsized organizations – can thrive in the face of today’s cyber threats.
Incident Response Platform Enterprise
The Resilient Incident Response Platform Enterprise – built for large enterprises – is the industry’s leading IR platform, with 300 deployments globally.
Resilient Use Case: Combined phishing and malware attack in a highly sophisticated enterprise deployment
- Escalation: Phishing alert from HP ArcSight generates an incident in Resilient. Artifacts are automatically attached to the incident record (e.g. HTML phishing email).
- Automatic Enrichment: Artifacts are automatically checked against built-in cyber threat intelligence feeds. IBM X-Force returns a hit for a known phishing attack and associated malware.
- Manually invoked enrichment: CSIRT uses Blue Coat integration to investigate malicious URL. Blue Coat provides a list of users that visited the URL in the last six months. CSIRT uses Carbon Black integration to search for endpoints infected with the known malware/hash.
- Manually invoked remediation: CSIRT opens a ticket via Remedy integration, instructing IT team to reimage infected/at-risk machines. IT team resolves the threat. Incident record is automatically updated and closed.
- Mitigation: IRP updates CheckPoint with new phishing attack information. Future attacks avoided.
Incident Response Platform Standard
The Resilient Incident Response Platform Standard offers midsized organizations a powerful foundation for incident response planning, management, orchestration, and mitigation.
It provides immediate improvement in security teams’ ability to have an expert, consistent, repeatable, and measurable process – and can expand functionality alongside an organization’s growing needs.
Resilient Use Case: Malware attack in a midsized organization
- Escalation: The help desk manually escalates the incident to Resilient via ticketing system. Malware sample/hash automatically attached to incident record.
- Automatic Enrichment: Artifacts automatically checked against cyber threat intelligence feeds. IBM X-Force returns a hit for known malware.
- Dynamic Playbooks: Resilient generates a malware-specific IR playbook:
  • Quarantine infected system
  • Reimage machine
  • Post-incident review, update policies and procedures.
- Incident Resolution: In the IRP, the IR manager monitors the response process as it is resolved. Help desk ticket automatically updated and closed.
- Mitigation: IRP updates Barracuda with new malware information. Future attacks avoided.
Resilient's IRP was the only choice that was capable and customizable enough to help me build a modern incident response practice. Our mean time to discovery, recovery, and closure dramatically improved using the Resilient IRP.
– Head of Cyber Security Incident Response, Leading Medical Center and Research Facility