Updated: Jun 13, 2024   |   Lauren Koppelman

Cases: How to enhance threat detection and response for security analysts


At Next DLP, we are committed to driving innovation in cybersecurity, consistently enhancing the Reveal Platform to meet the evolving challenges of today's organizations. The latest improvements to Reveal’s Cases capability reflect this dedication, offering advanced tools designed to simplify threat hunting and forensic analysis, enabling faster, more informed responses to potential risks.

Our redesigned Case details page brings essential case information to the forefront. By making it easier for operators to analyze events and respond to threats quickly, Reveal ensures that critical data is accessible precisely when needed.

A screenshot from the Reveal Platform showing the improved cases layout
The new Cases feature in the Reveal Platform by Next DLP

Redefining Case Management

Cases in Reveal represent a collection of suspicious events and detections. By grouping these elements, operators can proactively flag and investigate potential risks across the network. This feature is particularly valuable for collaboration, allowing multiple operators to contribute to the investigation and decision-making process.

The Cases module in Reveal displays: 

  1. Open Cases: Cases that are actively being investigated by operators within your organization.
  2. Closed Cases: Cases that have been previously investigated by either your organization or Next DLP Cyber Analysts.

Key Features and Functionalities

Viewing Cases: 

Reveal’s extended retention period for cases and associated events/detections means that information is stored indefinitely, unless deleted. By default, cases are sorted by the last update, but users can also sort by name or severity, or filter using keywords. This flexibility ensures that operators can quickly find and focus on the most relevant cases.

Creating Cases: 

When creating a new case, users can provide a title and summary, assign a severity level, and add tags for classification. This structured approach helps in identifying the focus of the case and the risk level of the associated events and detections.

Managing Cases: 

Users can add or remove events and detections from cases, with the option to delete cases when necessary. The collaborative aspect is enhanced by the ability to provide general comments, comment on specific events/detections, and reply to other operators’ comments. Operators can even paste screenshots directly into the Comments panel, making information sharing seamless and efficient.

Closing and Reopening Cases: 

Once a case investigation is complete, it can be closed. However, the Cases module retains closed cases, allowing them to be reopened if further investigation is needed. This ensures that no critical information is lost and that cases can be revisited as required.

Driving Collaboration and Efficiency

The enhancements to the Cases feature in Next DLP’s Reveal Platform are designed to foster better collaboration and improve the efficiency of threat response. By providing a clear and comprehensive overview of cases and enabling detailed analysis and management, operators can work together more effectively to mitigate risks.

In summary, the improved Cases feature in Reveal is a powerful tool for cybersecurity practitioners. It not only simplifies the investigation and management of suspicious events but also enhances the ability to respond to threats swiftly and collaboratively. This update is a testament to Next DLP’s commitment to delivering cutting-edge solutions for the evolving challenges in cybersecurity.
