Unified identity security company Silverfort Inc. today announced its “identity-first” incident response solution, which aims to accelerate attack remediation time by complementing existing incident response tools and optimizing IR processes.

The new service is pitched as “flipping the script” on conventional IR playbooks by enabling teams to start their investigation by discovering and locking down compromised accounts first before moving on to identify infected machines and malicious network traffic.

According to Silverfort, traditional IR processes start by searching for infected machines or monitoring network logs to spot anomalous traffic, with pinpointing stolen identities — human or nonhuman — usually being the last piece in the puzzle. The company argues that the delay in identifying gives malicious actors the time and space to continue propagating inside the network during an investigation.

The new solution switches the paradigm by allowing IR teams to start an investigation by first identifying and containing compromised accounts, effectively freezing malicious activity. It does so through a combination of machine learning and artificial intelligence to give IR practitioners access to highly actionable elementary with evidence of what accounts and users need to be blocked and what accounts can remain operational.

Silverfort’s Identity-First IR Solution brings identity to the forefront, freezing stolen accounts and stopping lateral movement to reduce the impact of an incident while also accelerating remediation time. The service can be deployed within less than 12 hours for an organization with 50,000 users to detect and contain compromised accounts and identify which systems, users or other assets within the environment have been compromised.

Key benefits of Silverfort’s Identity-First Incident Response solution include allowing security teams to instantly block compromised accounts and trigger multifactor authentication to provide real-time protection and actionable forensic data. The service automatically flags risky users and computers, giving teams full visibility into compromised assets, while its Authentication Firewall enables rapid restriction of access to contain an incident’s spread.

Additionally, the solution integrates with existing security operations, incorporating identity protection measures into automated playbooks and providing extended detection and response systems with identity-related threat signals. The service covers both on-premises and cloud environments, monitoring every authentication attempt to ensure comprehensive identity protection across hybrid infrastructures.

“In today’s rapidly changing threat landscape and sophisticated AI-backed threat actors, security teams can’t afford to be hunting for an anomaly when potential attacks occur, or systems go down,” said Chief Strategy Officer Ron Rasin. “While there’s an established IR playbook to handle malware and network aspects of cyberattacks, the identity aspect is still a challenge.”

“Silverfort’s IR solution complements existing tools by instantly blocking compromised identities and adjacent machines and offering immediate visibility into those machines,” Rasin added. “We stanch the bleeding to ensure a safe recovery.”

The venture capital-backed startup has raised $222 million in funding, including rounds of $65 million in April 2022 and $116 million in January. Investors in the company include Brighton Park Capital Management LP, Citi Ventures Inc., GM Ventures, Greenfield Partners, Acrew Capital Management and Vintage Investment Partners Ltd.

Image: SiliconANGLE/Ideogram