So the team have been really busy these last months adding loads of great features to CyberCPR.
In fact there are so many features we have called this release “Humpback”
The Development Team have worked tirelessly to not only build some great features but they have also implemented new services and infrastructure into the application onto which they are already building the next round of empowering features.
We have an exciting road map for CyberCPR in 2019 and hopefully this post will let you understand some of the major improvements the team are pleased to announce.
We will publish a longer update in the coming days with screenshots and a walk-through video but here are just some of the new features we have added to the Enterprise version of CyberCPR:
New User Interface – we rebuild this from the ground up applying many of the lessons we learnt from version 4 and customer feedback:
- Bolder layout.
- Softer colours.
- Clearer text.
- Dynamic pushed updates (with options to block update streams so you can concentrate on data before it changes).
- Better alerting – so you don’t miss things while you are logged in.
- Improved navigation
- Easier searching – just start typing
My Home – This is your the starting place for the day showing you:
- Incidents you’re assigned to.
- Tasks that are due soon and overdue.
- What events happened on all your incidents “While you were away” – since you last logged in.
Incidents – It’s all about these really so we did some real underlying work on the managing and control of incidents:
- Incident Commanders – we added the ability to select an incident commander – the person among the team that is leading the fight or investigation.
- Incident Identifiers (so you can add the Ticket number from IT to your incident).
- We added a “Case live time” so you know how long the case has been running.
- Earliest Attacker Activity box (system set from the earliest host for whom you added a compromise date and time) or set by you.
- Incident declared timer – you add the date and time and we show you how long ago that was which helps when you look at the other one we added…..
- GDPR Notification date time – so you know it’s done and when it was done etc.
Playbooks
- We added granular configurable playbooks so you can articulate to new staff what each step should be for a given task.
- Graphical Playbook designer so you can drag and drop steps in your playbooks.
- Timed steps – each step of the individual ‘plays’ can be configured with a suggested time so you can estimate when an overall play will be completed.
Tasks
- This now shows both standalone tasks and those that were part of a playbook. You can update your status in the tasks area or on “My Home”.
Chat
- We added multi-room support for our out-of-band chat. Now you can securely chat with those on that Incident but you can have a chat room just for malware and one just for desktop IT teams. Thus they can all chat but the main room is kept clear for major updates etc.
- Because the team re-wrote the breadcrumb and session handling, you can now post links in chat to go to other parts of the application.
Communications management panel
- So you can draft your communications to execs and other stakeholders and auto-import the major updates to your incident and check those drafts.
- A wizard to step you through the process of drafting that brief for the boss using a template you designed.
Notes
- These now have a blog type format and you can click on titles at the side and can jump to any update.
- We still have comments on notes so you can chat about the key notes you have added to a case or incident.
Incident Documents
- We were strongly advised to retain these by the user community – so we gave them a UI refresh.
- They still allow you to upload and share sensitive incident related files that you can either make immutable or delete as required, but now they look better.
Client and Application Data Security
- We support multi tenant usage so you can have your Cyber, Physical and HR teams all using the same platform and their data is secure and not visible by others (including the systems admin).
- We can support database encryption (* requires additional database licensing) and multi tier replication across the planet of selected data and we can protect your GDPR incidents by configuring your system to not replicate GDPR case data out of your names sites (in EU).
- Data separation by default and by design.
- Need-to-know build into the tool – you can share your case and incident data more if you want but we give you that choice, by default and built in.
- The above four are not new but we are love the features and we are one of the few IR tools that have them so we like to shout about it when we can.
SANS Discount
- As our founder Steve Armstrong is a certified SANS Instructor we offer a discount for certain GIAC certificate holders. Go here for details.
We will add some demo walk through videos in the coming days.
We look forward to inviting you for a personalized demo, trial or onsite demo – if you register here our sales team will contact you shortly to see how Version 5 of CyberCPR can support your organisation.
For Community users we are looking to port many of the changes to the Community CyberCPR version in the coming months (Steve is aiming for February), watch this space for announcements.