New in 2024.11: Introducing incident response playbooks
While some months are dedicated to essential maintenance and fixes, others bring exciting developments that we can’t wait to share. This month is particularly special, as we are thrilled to introduce our latest feature: Playbooks.
This powerful new addition to our EDR functionality is designed to streamline and automate incident response workflows, ensuring a more efficient and rapid approach to managing security incidents.
What are Playbooks?
Playbooks are essential components of Security Orchestration, Automation, and Response (SOAR) systems. Their primary purposes are to automate common tasks and to guide analysts through structured workflows during incident response. By allowing organizations to override default processing flows with customized sequences, playbooks define specific workflows for various security events.
Playbooks in Action
Here’s how they work: when an incident is recorded, the Playbook Engine instantly checks for matches and triggers customized response flows defined in your tailored Playbooks. These sequences allow you to override default processing and implement workflows specific to your security needs, ensuring that only the first applicable Playbook executes to prevent conflicts.
With a dedicated Playbooks panel in the workspace, you can organize and customize Playbooks by partner or workspace, with the ability to clone or edit them for maximum flexibility.
Playbooks are easy to access and manage within the workspace dashboard. You can create and customize Playbooks in the order in which they’re triggered, and tailor their execution flow. This grid-based structure lets you prioritize the Playbooks from highly specific to more generic ones, so that as incidents are created, the Playbook engine evaluates triggers from top to bottom, ensuring the highest-priority Playbook executes first.
The Playbook Editor offers flexibility for building workflows based on incident data. You can add conditions, set triggers, and design workflows that operate on incident-specific data such as files, networks, and processes. The Condition element is particularly powerful, enabling decisions at runtime based on criteria like incident severity or alert paths.
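To make the top-to-bottom, first-match evaluation concrete, here is a small Python model of such an engine. This is an added example, not Emsisoft's code; the incident fields, playbook names, conditions and actions are assumptions chosen to mirror the behaviour described above (ordered grid, only the first applicable Playbook runs, runtime Condition on severity or alert path, activity written to a log).

```python
from dataclasses import dataclass
from typing import Callable

# Constructed incident record; field names are assumptions, not Emsisoft's schema.
@dataclass
class Incident:
    id: str
    severity: str      # e.g. "low", "high", "critical"
    alert_path: str    # path of the file/process that raised the alert

@dataclass
class Playbook:
    name: str
    trigger: Callable[[Incident], bool]  # the Condition evaluated at runtime
    actions: list                        # response steps, kept as labels here

def run_first_match(playbooks, incident, log):
    """Walk the ordered grid top to bottom and execute only the first match.
    Returns the executed playbook's name, or None when default processing applies."""
    for rank, pb in enumerate(playbooks, start=1):
        if pb.trigger(incident):
            log.append(f"{incident.id}: matched '{pb.name}' (rank {rank})")
            log.extend(f"{incident.id}: {step}" for step in pb.actions)
            return pb.name  # stop here: later playbooks never run for this incident
    log.append(f"{incident.id}: no match, default processing")
    return None

# Ordered from highly specific to generic, as the post recommends.
PLAYBOOKS = [
    Playbook("Critical alert under user Temp",
             lambda i: i.severity == "critical" and "\\Temp\\" in i.alert_path,
             ["isolate host", "collect process tree", "page on-call"]),
    Playbook("Any critical alert",
             lambda i: i.severity == "critical",
             ["isolate host", "open ticket"]),
    Playbook("Catch-all triage", lambda i: True, ["open ticket"]),
]

# Constructed sample incidents.
INCIDENTS = [
    Incident("inc-1", "critical", "C:\\Users\\alice\\AppData\\Local\\Temp\\x.exe"),
    Incident("inc-2", "critical", "C:\\Windows\\System32\\svchost.exe"),
    Incident("inc-3", "low", "C:\\Users\\bob\\Downloads\\report.pdf"),
]

def demo(playbooks=PLAYBOOKS):
    """Run every sample incident; returns (executed playbook names, playbook log)."""
    log = []
    names = [run_first_match(playbooks, inc, log) for inc in INCIDENTS]
    return names, log
```

Running `demo(list(reversed(PLAYBOOKS)))` shows why ordering matters: with the catch-all on top, every incident stops there and the specific playbooks never fire.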
With Playbooks, incident handling is seamless and customizable, providing a clear view of incident changes and workflow activity via the Playbook log. We look forward to seeing how you use Playbooks to maximize your security capabilities. This feature is available for all Emsisoft Enterprise Security users.
Compare Emsisoft license plans here.
Additionally, this month’s update includes multiple minor performance improvements to ensure your Emsisoft products continue to deliver the experience you expect.
Device protection (desktop)
- Several minor tweaks and fixes.
Management console (web app)
- EDR: Incident response playbooks.
- Several minor tweaks and fixes.
How to obtain the new version
So long as you have auto-updates enabled, you will receive the latest version automatically during your regularly scheduled updates.
Note to Enterprise users: If you have chosen to receive “Delayed” updates, client systems will receive the new version no earlier than 30 days after the regular “Stable” availability.
Have a great and well-protected day!