Cysiv Command is a modern security operations and analytics platform. It is the foundation for Cysiv’s threat monitoring, detection, hunting, investigation, and remediation service features. It combines a number of essential technologies and functions into a single platform, leveraging a broad range of advanced data science techniques to automate the time-consuming, complex but essential activities and processes for truly effective threat detection, hunting, investigation, and remediation.
Cysiv Command integrates with the RSA Archer IT & Security Risk Management solution, specifically the RSA Archer Cyber Security & Breach Response use case. Cysiv Command integrates with the RSA Archer Security Incidents and Incident Journal applications. This integration provides ongoing management of incidents and security posture using RSA Archer, while allowing an MSSP (Cysiv) to provide SOC-as-a-Service and SIEM-as-a-Service.
Potential security incidents in Cysiv Command (co-managed SIEM with the end customers) are mirrored to RSA Archer as a means of both informing and interacting with the customer on security investigations. Case details and case comments are mirrored bi-directionally to enable the Cysiv SOC team to use Cysiv Command while customers use RSA Archer. This allows customers of the MSSP services Cysiv provides to track metrics and cases in the RSA Archer Suite, which is important as the customer may have other incidents, cases or GRC activities that are not tracked by Cysiv. RSA Archer acts as the overall security health and performance system for the customer.
Cysiv Command with RSA Archer enables organizations to:
Create a new RSA Archer security incident from a Cysiv Command case
Link a Cysiv Command case to an existing RSA Archer security incident
Sync Cysiv Command case comments with RSA Archer incident journal entries
Sync Cysiv Command case fields with RSA Archer security incident fields
Resolve Cysiv Command cases linked to RSA Archer security incidents and automatically trigger Cysiv Command to create a new incident journal entry noting that the case has been closed and the reason for closing it