Whenever a detection is categorized as a real security threat, the following occurs:
- A security incident is registered internally for that customer.
- The IRON responder assigns itself to the case.
- A quick analysis is done on the detection and escalated in case necessary.
- The customer is notified of the security incident details, impact, host and Plan of Action.
- Mitigation actions are applied to the endpoint via remote incident response.
- Customer is kept up-to-date with the status of the incident.
- Incident is closed and summary report provided to the customer.