Sharelock handles and prioritizes alerts generated from its real-time AI engine by innovatively decoupling risk detection from alert propagation, a strategic enhancement of threat management protocols. When an account deploys a specified MITRE technique that increases the security risk, Sharelock swiftly escalates the issue.
Upon the detection of active threats, Sharelock employs various automatic and manual response options, including:
Sending push notifications, emails, and SMS to account owners to confirm their identity.
Triggering additional audits and initiating risk-based, context-aware recertification campaigns.
Disconnecting users from their current sessions and revoking access rights.
Resetting passwords and activating alternative authentication methods, like multi-factor authentication.
Notifying the Security Operations Center (SoC) team and deactivating involved accounts.
Triggering custom IAM Workflows with or without a manual approval step to block or unlock the user.
Disabling all accounts associated with the involved user.
For incident management integration, Sharelock offers:
Automated incident reporting to platforms like Jira and ServiceNow.
Sending real-time threat alerts via webhook for immediate notification to other systems or services.
Security event forwarding via Syslog to SIEM systems.
Delegating threat management to SOAR platforms to execute tasks for threat management and automated response workflows.
Policy and configuration updates are carried out based on insights gained from incidents, which may include:
Initiating context-aware recertification campaigns.
Resetting passwords and revoking access rights.
Activating alternative authentication methods.
