Cyphon – Incident Management and Response Platform
Cyphon is an incident-response platform that receives, processes, and triages events to create a more efficient analytic workflow — aggregating data, bundling and prioritizing alerts, and empowering analysts to investigate and document incidents.
Many organizations manage post-processed security events as email
notifications, which is incredibly inefficient. An inbox flooded with
alert notifications creates an environment where critical issues are
overlooked and rarely investigated.
Cyphon – Collect, Alert and Respond
The framework eliminates this issue by throttling events and prioritizing them based on user-defined rules. Analysts can quickly investigate incidents by correlating other data sets against indicators that matter. They can then annotate alerts with the results of their analysis.
Cyphon supports integrations with Bro, Snort, Nessus, and other popular security products.
Social Media Monitoring
Leveraging publicly available APIs, Cyphon can collect data from streaming sources. Search is based on keywords, geofencing, and ad hoc parameters.
Some of the features included are:
Aggregate data from numerous sources: email, log messages, APIs, social media and more
Single pane of glass view instead of multiple dashboards