If you are running a SIEM tool, then you will now be able to use it to subscribe to forensic data from Retarus E-Mail Security with immediate effect.
Within the scope of our new “Forensic SIEM Integration” we are now making selected security-relevant events from our infrastructure available to SIEM systems (Security Information and Event Management) from the likes of Splunk and LogRhythm. These events can be called up via a secured WebSocket connection. To start with, the events will be sourced from AntiVirus MultiScan (outbound), Sandboxing, CxO Fraud Detection and Patient Zero Detection.
Based on the subscribed events, the SIEM tool can also be set up to trigger automatic responses. One easily conceivable example could be that in the case of a Patient Zero being detected, it would be possible to pinpoint the affected mail account and disconnect the IP address belonging to the workstation from the company network for as long as it takes to ensure that the detected malware has been neutralized and is unable to cause any further damage.