Instant Response
FoxTech DEFEND can respond instantly and automatically when high confidence alerts fire to rapidly block threats. Discuss these with your account manager.
Supported Responses
The following instant response actions are currently available. Custom actions are also possible.
- IP Blocking: Identifies and blocks IP addresses that are deemed malicious, ensuring they are unable to access the network.
- User Account Locking: Locks accounts suspected of being compromised to prevent unauthorized access and potential data breaches.
The above actions are executed by the DEFEND agent on the server that detects the attack.
Use Cases
These are mostly commonly used block IP addresses on internet facing hosts when known attacks are detected, such as SSH brute-forcing or web exploitation.