RC can be integrated two ways with almost any SIEM and Network Access Control (NAC) solution. RC has a full-featured RESTful WebAPI that can be easily adapted and set up, as it comes with pre-configured scripts for the most-used SIEM and NAC solutions. This ensures easy implementation, and RC can be tailored to fit your SIEM/NAC setup. Setting up an integration to Cisco ISE, Aruba, Splunk, IBM QRadar, ATP and other solutions can in most cases be done in less than 1 hour.
When RC detects a ransomware attack, RC will immediately alert and send information to integrated solutions.
With SIEM integration to, e.g., Splunk, RC sends JSON files to sensors in Splunk through TCP/port listeners or through file integration. This immediately triggers an alert in Splunk, which follows the workflow configured in Splunk for your Security Operations Centre (SOC) or Response Team to take appropriate action.
With NAC integration to, e.g., Cisco ISE, RC uses the “ANC_Policy_Quarantine”, sent as XML to the Cisco ISE WebAPI, which immediately isolates the attacked client/user from the network, and the attack instantly stops.
Setting up integration in RC is optional and not required. RC features the required SIEM/NAC functionality built in with the implemented Dashboard to immediately and remotely shut down an attacked client/user. Your SOC/Response Team is alerted by e-mail, SMS or one of our available RC Alerting Apps for iOS and Android. You decide whether RC should alert and respond, whether you use your existing solutions instead, or whether you use a combination of the two.
All integration, communication and alerting functions also work if you are hosting in the cloud or have an MSP taking care of your IT solutions and infrastructure.