Nearly two thirds of IT pros prefer to receive security alerts on their phones, but until now there hasn’t been a way to take action on these alerts without running back to the desk.
Barkly is the first Endpoint Protection Platform to introduce Mobile Incident Response, enabling administrators to:
respond to incidents from their iOS or Android devices — wherever they are
view forensic details on blocked attacks
take action with a single click
This release is part of a larger update that makes Barkly’s entire management portal mobile-capable.
The ability to receive alerts and investigate incidents on mobile is critical for timely response. Cybercriminals don’t work 9 am to 5 pm, and nearly half of IT pros have missed a security alert while out of the office.
With Barkly’s Mobile Incident Response, admins can get peace of mind knowing that they’ll be informed of every incident and have the ability to follow up, anytime and anywhere. In this blog, we’ll cover exactly how it works:
1) Receive incident alert from Barkly
When Barkly blocks an attack on an endpoint, our cloud service immediately triggers an incident alert email to the admins of the account. The incident alert email includes a few key details about the incident, including the name of the process Barkly blocked, the process path, the device on which the incident occurred, and the user. These details help admins understand, at a glance, what Barkly blocked. For deeper investigation they can click a direct link to the incident forensics in the portal.
2) Investigate with incident forensics
Incident Forensics gives Barkly admins the additional context necessary to “diagnose” the incident and gauge the appropriate response. Here are some of the key details and how you can use them:
Incident overview: Understand what process Barkly blocked, where it originated from, what time it happened, and why Barkly blocked it.
Device and user: Know who to follow up with if there are questions about what the user was doing at the time of the incident. For example, did they open an attachment in an email from a sender they did not recognize?
MD5 hash and SHA1 hash: Look up the hashes on VirusTotal to see whether they are associated with known malware.
Running processes: See whether other unknown or unwanted processes were running at the time of the incident. This context helps admins determine whether an unrecognized incident is real malware or a false alarm.
Process ancestry: See the full ancestry of the blocked process to understand where it came from.
3) Take action
Incident forensics enable admins to determine whether an incident is truly malicious or a false alarm, and what action to take next. Because Barkly blocks malicious processes before they do harm, there is often no immediate action required. If the incident is a false positive, however, admins can apply an override with a single click from the incident detail page.
Access your Barkly portal on mobile today
Barkly customers can log in to their Barkly portal on mobile today. If you’re interested in learning more about the Barkly Endpoint Protection Platform and seeing a demo of our product, including these mobile capabilities, don’t hesitate to contact us at firstname.lastname@example.org.