Field Effect actively looks for the indications of threat actor activity and will create ARO notifications should these indications be triggered. Should these go unactioned and a threat actor gain access to an End Point the Active Response policy will take action.
The typical Balanced option would guide our analysts to weigh the business impact of taking action, and respond appropriately.
If Field Effect sees indications of a potential breach on your network and a threat actor having command and control, it would immediately isolate the implicated hosts from all network communications. You would get an ARO of the activity and we would also attempt to call out to all contacts listed in the Portal via telephone.
Please read more on Active Response and Active Protection and consider using them if you are not.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article