Our Team Has Your Back: Introducing The Discussion Feature
Discovering any malware that has made its way on your network as quickly as possible is important… but what you do next is just as important—if not more so. Understanding in real time what the threat is, where it’s coming from, and how to deal with it is the key to keeping your business safe. In the coming months, we will be launching a set of features to help you triage and respond to attacks. The first is our brand-new Discussion feature.
People often have questions and concerns about the process of remediating and eliminating malware. Strongarm users are, of course, alerted about any potential malware infection, but they often ask the Strongarm team for advice on what to do next and why.
To address this, we’ve built a new feature called Discussion to share this important information with customers in a timely fashion. Now, for every alert you see, our team will analyze and comment on what’s happened and what we think you should do next. This allows you to make rapid, informed decisions on how to respond.
The Discussion Feature: How it Works
Here are the two major components of Discussion:
1. Understanding What to Do Next
We always want our users to know why Strongarm triggered an alert and what to do next. If there was actual malware phoning home from your network, we want you to know what type, how it was delivered, and how we recommend remediating. If it was a phishing attempt, we want you to know who was targeted and why. This information is crucial to continuing to keep your organization safe.
To accomplish this, Strongarm’s Discussion feature allows our analysts to help you with:
false alerts vs. actual attacks
prevented exploits vs. live malware
Pinpointing victimized machines on your networks
Determining what is the proper action to take to remediate the situation
Sometimes alerts won’t take any effort from you at all. When Strongarm stops an attack and there’s no follow-up necessary, we’ll simply flag the alert and let you know you can stand down.
On the other end of the spectrum, if a certain piece of malware requires manual deletion, we want customers to understand how to do it and on which machine(s). If the infection requires you to wipe and restore from backup, we can make recommendations about how to proceed. And, of course, we want to convey this information as quickly and conveniently as possible. Discussion makes all of this possible.
2. Historical Reference and Conversations
With Strongarm’s new Discussion feature, customers will have a simple historical reference built right into the dashboard. Users can review past alerts and dive into both the analysis and the outcome to understand what happened in similar situations and what was done to successfully address it.
The Discussion feature can be a big help with post mortems, since it offers a much easier way for the whole team to see step-by-step how a past issue was handled, from detection to resolution. Now, instead of having to sift through email chains with the Strongarm support staff to try to piece together what happened, it’s all there for you and your team to review right within the Strongarm dashboard.
Have a Peek Under the Hood
Below, you will see what the Strongarm dashboard looks like when an infection comes in:
When you click on the “Discussion” tab, you will find a place where you can communicate and interact directly with the Strongarm support team. On the right-hand side, you will see information regarding the infection (when it was first and last seen) and next steps (if any). This can be used as a historical reference when infections happen in future, as well:
What’s Coming Down the Pike
At Strongarm, we’re committed to evolving just as quickly as the malware landscape. The Discussion feature is a big step forward in empowering businesses to understand the world of malware and how to fight back. In the coming months, we will be rolling out features to help customers share how they resolved a malware issue, as well as some automated recommendations from Strongarm on what to do.
As always, we love hearing from you! If there is an additional capability you would like to see in the Strongarm dashboard, please let us know. For every suggestion, we’ll send you a Strongarm t-shirt as our way of saying thanks for helping us make the product better for everyone. As defenders, we’re all in this together.