How effective is AlertFusion?

AlertFusion’s ‘Work any alert, once’ feature eliminates all repetitive alerts. This avoids rework on any previously processed alerts, saving significant time for analysts. Once installed and integrated, it automatically starts eliminating repetitive alerts. This capability scales to multiple processes as part of AlertFusion’s centralised case management capability.

AlertFusion also supports SOAR capabilities, so it can integrate with threat and vulnerability feeds to validate any malicious IPs, emails or hash signatures as part of the alert remediation process. This automated reputation validation can also be used to eliminate work on false-positive alerts.

In addition, AlertFusion automates retrieval of contextual information from any source of truth (asset, vulnerability, exceptions, whitelists, etc.) required by the analysts to process alerts. This capability saves the analysts valuable time by giving them all of the prerequisite information they need to process the alert.
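To make the three steps above concrete (collapsing repeat alerts onto one case, checking indicators against a reputation feed and an allowlist, and pulling asset context from a source of truth), here is an added illustration in Python. It is not AlertFusion's code and does not describe its internals; the feed, allowlist, asset inventory and sample alerts are all constructed placeholders, and the field names (`source`, `rule`, `src_ip`, `dst_ip`) are assumptions.

```python
import hashlib
import json

# Constructed sample data for this illustration only (not real feeds or assets).
# 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are RFC 5737 documentation ranges.
THREAT_FEED_IPS = {"203.0.113.7"}       # stands in for a threat-reputation feed
ALLOWLIST_IPS = {"198.51.100.20"}       # e.g. an approved vulnerability scanner
ASSET_INVENTORY = {                     # stands in for a CMDB / asset source of truth
    "10.0.5.12": {"owner": "finance", "criticality": "high"},
    "10.0.9.40": {"owner": "lab", "criticality": "low"},
}

# Fields that define "the same alert" for rework elimination. Timestamps and
# event ids are deliberately excluded so that repeats collapse onto one case.
DEDUP_FIELDS = ("source", "rule", "src_ip", "dst_ip")


def fingerprint(alert: dict) -> str:
    """Stable hash of the identifying fields, independent of field order."""
    key = {f: alert.get(f) for f in DEDUP_FIELDS}
    return hashlib.sha256(json.dumps(key, sort_keys=True).encode()).hexdigest()


def enrich(alert: dict) -> dict:
    """Attach the context an analyst would otherwise look up by hand."""
    enriched = dict(alert)
    enriched["asset"] = ASSET_INVENTORY.get(
        alert.get("dst_ip"), {"owner": "unknown", "criticality": "unknown"})
    enriched["src_on_feed"] = alert.get("src_ip") in THREAT_FEED_IPS
    enriched["src_allowlisted"] = alert.get("src_ip") in ALLOWLIST_IPS
    return enriched


def decide(enriched: dict) -> str:
    """Disposition rule: the allowlist wins, so known-benign sources close as false positives."""
    if enriched["src_allowlisted"]:
        return "closed_false_positive"
    if enriched["src_on_feed"] and enriched["asset"]["criticality"] == "high":
        return "escalate"
    if enriched["src_on_feed"]:
        return "investigate"
    return "triage"


class CaseStore:
    """One case per fingerprint; a repeat only bumps the counter and last-seen time."""

    def __init__(self) -> None:
        self.cases: dict = {}

    def ingest(self, alert: dict) -> tuple:
        fp = fingerprint(alert)
        if fp in self.cases:
            self.cases[fp]["count"] += 1
            self.cases[fp]["last_seen"] = alert.get("ts")
            return "duplicate", fp
        enriched = enrich(alert)
        case = {**enriched, "count": 1, "first_seen": alert.get("ts"),
                "last_seen": alert.get("ts"), "disposition": decide(enriched)}
        self.cases[fp] = case
        return case["disposition"], fp


# Constructed sample alerts, shaped roughly like SIEM output.
SAMPLE_ALERTS = [
    {"ts": "2024-01-01T10:00:00Z", "event_id": 1, "source": "siem",
     "rule": "ssh-bruteforce", "src_ip": "203.0.113.7", "dst_ip": "10.0.5.12"},
    {"ts": "2024-01-01T10:00:05Z", "event_id": 2, "source": "siem",
     "rule": "ssh-bruteforce", "src_ip": "203.0.113.7", "dst_ip": "10.0.5.12"},
    {"ts": "2024-01-01T10:01:00Z", "event_id": 3, "source": "siem",
     "rule": "port-scan", "src_ip": "198.51.100.20", "dst_ip": "10.0.9.40"},
    {"ts": "2024-01-01T10:02:00Z", "event_id": 4, "source": "ids",
     "rule": "port-scan", "src_ip": "192.0.2.9", "dst_ip": "10.0.9.40"},
]


def run(alerts=SAMPLE_ALERTS):
    """Feed the sample alerts through the store; return dispositions and the store."""
    store = CaseStore()
    dispositions = [store.ingest(a)[0] for a in alerts]
    return dispositions, store


if __name__ == "__main__":
    dispositions, store = run()
    for d, case in zip(dispositions, store.cases.values()):
        print(d, case["rule"], case["src_ip"], "count =", case["count"])
```

With the constructed input, the second SSH alert is recorded as a duplicate of the first case rather than becoming new work, the scanner alert closes as a false positive, and the remaining two are enriched with asset ownership and criticality before an analyst sees them. The order of checks in `decide` matters: an allowlist entry that is also on a feed should close, not escalate, which is why the allowlist is tested first.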

AlertFusion can be configured to automatically assign or escalate any alert bi-directionally to any ticketing system.

By centralising multiple team functions and their associated investigative workflows, AlertFusion also enables metrics to be automated via real-time dashboards and reports.

All these capabilities enhance the response speed of the security operations teams, while also increasing their efficiency and effectiveness.

If I press the wrong button will I create vulnerabilities?

No. AlertFusion works as a solution that helps the security analysts enhance their response time by automating repeatable actions. All buttons in AlertFusion have specific actions associated with them, so pressing the wrong one will not lead to anything breaking or new vulnerabilities being introduced.

I have written a lot of scripts; why do I need AlertFusion?

AlertFusion’s ability to eliminate redundant alerts, automatically validate malicious indicators, provide contextual knowledge and centralised reporting via real-time dashboards can be integrated with any existing scripts to enhance the effectiveness of end-to-end operations.

I have multiple SOCs; can AlertFusion help?

Yes. AlertFusion centralises any number of security operations centres (SOCs) into one unified and centrally managed solution, thereby enabling the organisation to implement an advanced cyber fusion centre.

AlertFusion allows you to leverage real-time views of all SOC functions combined together or to look at each SOC individually.

Will it cause problems with my other tools?

No. As it only receives alerts from security systems and only processes them according to a defined response process, AlertFusion does not interfere with the functionality of any other tool in the organisation. AlertFusion complements all existing systems, including SIEM and SOAR.

Why is AlertFusion different from SOAR?

SOAR solutions typically provide automation and orchestration capabilities for organisations to streamline repetitive tasks, and are implemented to cater for critical security monitoring and response functions.

Due to high licensing costs, they are rarely scaled to all functions, nor do they currently provide a complete unification layer for organisations in a single license.

SOAR solutions do not help eliminate rework on alerts.

AlertFusion acts very differently. AlertFusion can complement existing SOAR solutions by centralising and streamlining functions to give the organisation a unified operations view in real-time or can function as a centralised case management solution providing key capabilities such as:

  • Centralised alert capture from phone calls, emails and technology alerts
  • Elimination of rework on alerts (without specialised SOAR capabilities)
  • Multi-workflow support within one license
  • Knowledge management and retention

How many users do I need to make AlertFusion effective?

Once the initial configuration is completed, AlertFusion can be maintained by a single (part-time) user.

Does AlertFusion allow me to automate my SOC end to end?

Yes. AlertFusion can automate the entire response process, from the incoming alert through to processing it. AlertFusion also supports multi-workflow capability, so multiple processes can be centralised within one unified console.

How is AlertFusion different from a SIEM?

AlertFusion is built to take processed alerts from advanced solutions such as SIEM, SOAR and security analytics to provide organisations with a unified operations view containing actionable alert information. It does not correlate the base system events that SIEM solutions handle.

What is the implementation procedure?

Provided the server and databases have the required components set up, it takes around 3 hours to install AlertFusion. We then integrate with your internal systems for:

  • Importing alerts into the AlertFusion console
  • Searching for contextual information to enrich the alerts
  • Orchestrating actions if required

Depending on the level of configuration and number of systems to integrate, it will take us 2 to 3 weeks to completely deploy AlertFusion in your environment.

How can I test AlertFusion?

Simply click the ‘Book a demo’ button at the top of this page. We’ll then arrange a call to discuss how AlertFusion can be deployed in your organisation for a PoC.

How do I install AlertFusion?

All we need are two Windows servers and two SQL databases to install AlertFusion in production environments. For a PoC, we will need one server and one database. Full details are available at: alertfusion.com/install-requirements

How easy is it to implement AlertFusion?

This is handled by the AlertFusion team. It’s a straightforward process and, depending on the number of systems we need to integrate with and your access procedures, it will be completed within two weeks, typically in just a few days.