The Ponemon Institute’s annual “Cost of Data Breach” study, released this week, served up a clear message: Damages from cyberattacks continue to climb, but organizations can stem these rising costs by preparing and supporting their incident response (IR) team, saving hundreds of thousands of dollars on average.

It’s long been our mission to help organizations transform their IR capabilities, and we’ve done so through our innovative Security Orchestration, Automation, and Response (SOAR) Platform. With our latest platform release, version 26, we’re delighted to launch Resilient Incident Visualization.

Incident Visualization Changes the Game

Resilient Incident Visualization is an industry first. It leverages the simple fact that actually seeing connections between incidents in a way like never before can help security analysts zero in on concerted attacks and respond in record time. It’s a simple yet powerful concept successful in, and now adopted from, other business areas.

Resilient Incident Visualization graphically displays multidimensional relationships between incident artifacts or indicators of compromise (IoCs) and incidents in an organization’s environment. Security analysts can:

  • Instantly gain intelligence, context and direction by seeing the most pertinent connections between artifacts and incidents, both past and present.
  • Immediately uncover broader campaigns targeting the organization and understand how an attack has unfolded over time.
  • Rapidly take investigative or remedial actions from directly within the visualizer, such as querying QRadar or blocking a malicious URL.

Decreasing Costs and Time

With Resilient Incident Visualization, a security analyst can instantly see that artifacts related to a malware incident (e.g., suspicious IP addresses, DNS names, malware hashes, etc.) have appeared in several past incidents. This suggests that these incidents are part of a bigger attack, and the platform provides direction on how to put an end to it.

This latest innovation comes only a few months after Resilient Systems was acquired by IBM Security. It shows that we’re committed to continuously innovating and pushing this market forward to help our customers thrive in the face of today’s cyberthreats. As part of IBM Security, we can innovate faster and more significantly than ever before.

In the end, Resilient Incident Visualization is a step change for incident response — making teams smarter and faster responders.


More from Incident Response

5 Golden Rules of Threat Hunting

When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that's already too late.Security operations center (SOC) teams monitor and hunt new threats continuously. To ward off the most advanced threats, security teams proactively hunt for ones that evade the dashboards of their security solutions.However, advanced threat actors have learned to blend in with their target's environment, remaining unnoticed for prolonged periods. Based…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

People, Process and Technology: The Incident Response Trifecta

Let's say you are the CISO or IT security lead of your organization, and your incident response program needs an uplift. After making a compelling business case to management for investment, your budget has been approved and expanded. With your newfound wealth, you focus on acquiring technology that will improve your monitoring, detection and analysis of data traffic. Has the incident program really improved by the technology acquisition, or is the uplift merely cosmetic? If no other changes have been…

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…