Help the communities most affected by the California wildfires in only a few minutes. We'll donate $10 for every review you submit.

Best Incident Response Software

Incident response software automates the process of and/or provides users with the tools necessary to find and resolve security breaches. Companies utilize the tools to monitor networks, infrastructure, and endpoints for intrusions and abnormal activity. They then use the programs to inspect and resolve intrusions and malware in the system. These products provide capabilities to resolve issues that arise after threats have bypassed firewalls and other security mechanisms. They alert administrators of unapproved access of applications and networks. They also have the ability to detect a variety of malware variants. Many tools automate the process of remedying these issues, but others guide users through known resolution processes.

Many incident response soluctions function similarly to security information and event management (SIEM) software, but SIEM products provide a larger scope of security and IT management features.

To qualify for inclusion in the Incident Response category, a product must:

  • Monitor for anomalies within an IT system
  • Alert users of abnormal activity and detected malware
  • Automate or guide users through remediation process
  • Store incident data for analytics and reporting
G2 Crowd Grid® for Incident Response
Leaders
High Performers
Contenders
Niche
Momentum Leaders
Momentum Score
Market Presence
Satisfaction
Filters
Features
Star Rating

Incident Response reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Incident Response Software
Results: 56
    G2 Crowd takes pride in showing unbiased ratings on user satisfaction. G2 Crowd does not allow for paid placement in any of our ratings.
    Sort By:

    Rapid7 InsightIDR is a fully integrated detection and investigation solution that gives you the confidence to identify a compromise as soon as it occurs. InsightIDR leverages attacker analytics to detect intruder activity earlier in the attack chain, cutting down false positives and unnecessary work for security professionals. Hunt for actions indicative of compromised credentials, spot lateral movement across assets, detect malware, and set intruder traps. Make investigations 20x faster by uncovering insight hidden in your user activity, logs, and endpoints. With InsightIDR you can get up and running in hours, gaining the insight you need to make better decisions, faster.


    Swimlane is a leader in security orchestration, automation and response (SOAR). By automating time-intensive, manual processes and operational workflows and delivering powerful, consolidated analytics, real-time dashboards and reporting from across your security infrastructure, Swimlane maximizes the incident response capabilities of over-burdened and understaffed security operations. Swimlane was founded to deliver scalable, innovative and flexible security solutions to organizations struggling with alert fatigue, vendor proliferation and chronic staffing shortages. Swimlane is at the forefront of the growing market for security automation and orchestration solutions that automate and organize security processes in repeatable ways to get the most out of available resources and accelerate incident response. Swimlane offers a broad array of features aimed at helping organizations to address both simple and complex security activities, from prioritizing alerts to remediating threats and improving performance across the entire operation. Swimlane is headquartered in Denver, Colorado with operations throughout North America and Europe.


    D3 Security provides a proven incident management platform that empowers security operations with a full-lifecycle remediation solution and a single tool to determine the root cause of and corrective action for any threat- be it cyber, physical, financial, IP or reputational.


    Cb Response is the market-leading incident response and threat hunting solution designed to provide responders with the most information possible, accompanied by expert threat analysis and armed with real-time response capabilities to stop attacks, minimize damage and close security gaps. Cb Response makes these teams more efficient, reducing investigations from days to hours, and more effective, enabling them to discover threats before attacks can exploit them. Cb Response also allows teams to connect to and isolate infected machines to prevent lateral movement and remediate devices without costly IT involvement.


    The Resilient Incident Response Platform (IRP) is a platform for orchestrating and automating incident response processes.


    DERDACK Enterprise Alert® is an alert notification & mobile response software for operations teams in manufacturing, utilities, IT services, transport & logistics. Enterprise Alert automates targeted alerting processes and enables a fast, reliable and effective response to incidents threatening the continuity of services and operations. This is in particular importance for 24/7 operated mission-critical systems and IT. Enterprise Alert provides automated, and persistent alert notifications by voice, text, push, email and IM. It tracks the delivery of notifications, acknowledgements and replies and reacts automatically on non-delivery or non-reply by utilizing escalation chains, on-call schedules and presence information. Enterprise Alert enables convenient scheduling of on-call duties by drag & drop in any browser. Based on scheduling information it can then alert the right engineers at the right time. Backup engineers and stand-ins are also available. IT service staff or engineers who are alerted often need to communicate with managers, on-call staff of other teams or subject-matter experts. Derdack´s Enterprise Notification Software provides perfect toolset for a real-time, anywhere collaboration experience. Handling critical incidents shouldn’t stop with acknowledging an alert. With our mobile app you can comfortably manage alerts, troubleshoot problems and even resolve them by triggering parameter-based IT automation tasks. The mobile app mobilizes incident management and makes you independent from your monitoring or service desk console. Enterprise Alert has been specifically designed for large and global enterprises and organizations with the highest demands in reliability, productivity, integrations and security. That is why our product is one of the very few, if not the only one, that fully addresses the needs that come with running business-critical operations such as enterprise IT, manufacturing lines, energy & utility creation and distribution.

    DERDACK Enterprise Alert Reviews
    Optimized for quick response
    Get a Quote

    Cyber Triage™ is incident response software that simplifies the collection and analysis of endpoint data. Cyber Triage enables companies to have a first response capability by automating the collection and analysis of endpoint data that answers the triage questions. It provides endpoint visibility without requiring software agents. It compares data with other systems in the enterprise to help responders know what is normal. It makes the results available during future responses so the knowledge can be shared.


    The Resolve Software System is used to accelerate incident resolution for all types of incidents in customer care, network, and IT operation centers.


    With experience in every industry, Symantec's Incident Response team can get your organization back to normal operations.


    Siemplify provides a holistic security operations and incident response platform that empowers security make faster decisions with less work. Siemplify uniquely combines security orchestration and automation with patented contextual investigation and case management to deliver intuitive, consistent and measurable security operations processes. Leading enterprises and MSSPs leverage Siemplify as their SOC workbench, tripling analyst productivity by automating repetitive tasks and bringing together disparate security technologies. Founded by Israeli Defense Forces security operations experts, Siemplify is headquartered in New York with offices in Tel Aviv. www.siemplify.co


    A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.


    AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure. With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud. Five Essential Security Capabilities in a Single SaaS Platform AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows. 1. Asset Discovery 2. Vulnerability Assessment 3. Intrusion Detection 4. Behavioral Monitoring 5. SIEM


    Netwrix Auditor is a visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations and access in hybrid IT environments to protect data regardless of its location. The platform provides security intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent real damage. Netwrix Auditor includes applications for Active Directory, Azure AD, Exchange, Office 365, Windows file servers, EMC storage devices, NetApp filer appliances, SharePoint, Oracle Database, SQL Server, VMware, Windows Server and network devices. Empowered with a RESTful API and user activity video recording, the platform delivers visibility and control across all of your on-premises and cloud-based IT systems in a unified way.


    Vectra Networks provides an automated threat management solution that monitors internal network traffic to detect in real time active cyber attacks inside networks.


    Demisto is a platform that provides automated and collaborative security solutions.


    ThreatCloud Incident Response helps mitigate future risks with post-incident reports and security best practices advisement.


    Hexadite Automated Incident Response Solution is a software that remediates threats and compresses weeks of work into minutes, it optimizes overtaxed security resources for increased productivity, reduced costs and stronger overall security.


    Proofpoint Threat Response Auto-Pull (TRAP) enables messaging and security administrators the ability to automatically retract threats delivered to employee inboxes and emails that turn malicious after delivery to quarantine. It is also a powerful solution to retract messages sent in error as well as inappropriate, malicious, or emails containing compliance violations and also follows forwarded mail and distribution lists and creates an auditable activity trail. With Proofpoint Threat Response Auto-Pull, you can protect your people, data, and brand from today’s threats by: • Automatically pulling malicious or unwanted messages from an end-users inbox. • Enriching each message by checking every domain and IP address against premium intelligence feeds. • Including built-in reporting, showing stats like: Email quarantine success or failures, email retraction read status, targeting by active directory attribute • Reducing the remediation time needed from hours to minutes.


    Every incident is unique and one plan won’t fit all situations. Cobalt helps you manage all those “What if?” moments and makes sure everyone is reacting accordingly. The result? The response you plan is the response you get. Our comprehensive platform provides the simplest and most effective way to coordinate your response team and track progress for incidents major and minor.This increased efficiency will get you back in business, faster. Cobalt is a cloud-based, incident response system that keeps businesses and communities safe. Based on a highly secure “off-the-shelf “, per user, software service; Cobalt helps you plan for and respond to incidents as they unfold, right on your mobile device. Cobalt can also automatically trigger protocols to dispatch response teams immediately, right from your phone. Now distributed by major public safety organisations like Motorola Solutions, Cobalt Mobile App allows users to access critical files, send mass notifications, trigger alerts, respond to assigned dynamic tasks, control patrols, and track security guards, keeping the command center and management team always up-to-date. In 2016, Cobalt was inducted into the Business Continuity Institute (BCI) Hall of Fame and received the World Innovation Award by the CIR Magazine after winning the Middle East Innovation Award, by the BCI, in 2013, 2014 and 2015. Cobalt is used by governments and financial institutions to keep operations intact when incidents occur. If you have any questions, don’t hesitate to reach out. Our team is always on hand to help make sure you and your organization are running smoothly.


    CounterTack Sentinel is a solution that empowers security teams to counter advanced endpoint threats in real-time to delivers unprecedented visibility and context around targeted, persistent threats for a comprehensive approach to endpoint detection and response.


    LogicManager believes performance is a result of effective risk management. Since 2005, LogicManager's enterprise risk management (ERM) software has empowered organizations to uphold their reputation, anticipate what's ahead, and improve business performance through strong governance. Today, LogicManager’s SaaS software and included advisory service help businesses integrate risk, governance, and compliance activities so they can protect their employees, customers, and shareholders. LogicManager was named one of Insight Success’ 50 Most Valuable Technology Companies, was awarded GRC 20/20’s GRC Value Award in Risk Management, and has been recognized by Forrester Research with a perfect 5.0 in Customer Feedback. With offices in the United States and Europe, LogicManager enables companies around the globe to achieve success. To learn more about LogicManager, visit www.logicmanager.com


    Osquery is a platform designed for intrusion detection, infrastructure reliability and compliance.


    ActivLink is middle-ware that integrates ActivWare, Activus visualization and collaboration software platform, with a customers analytical or monitoring software to automatically present actionable information based on a triggering event or alarm condition, leading to better, faster incident response


    Kona Site Defender is designed to protect the web and mobile assets of organizations from sophisticated and targeted web application and DDoS attacks by providing customizable and advanced security features.


    Check Point’s multilayered security technology provides protection against advanced and zero-day cyber threats, preventing attacks, minimizing risks and offering rapid response


    CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.


    Cybereason automatically detects malicious activity and presents it in an intuitive way. It deploys easily with minimal organizational impact and provides end-to-end context of an attack campaign. Most organizations deploy Cybereason and start detecting attacks within 24 to 48 hours.


    CylanceOPTICS uses machine learning (ML) and artificial intelligence (AI) to identify and prevent widespread security incidents, providing consistent visibility, targeted threat hunting, and fast incident response.


    Comprehensive post-delivery protection against targeted email attacks, powered by machine learning and automated response capabilities.


    LogicGate enables enterprises to transform disorganized risk and compliance processes into easy to use applications with an intuitive user interface. The platform enables organizations to configure powerful yet pragmatic agile GRC workflows, logic, and rules to reduce their risk exposure and reduce costs associated with managing large compliance programs.

    LogicGate Reviews
    Optimized for quick response

    Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently.


    Redline provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.


    Control your website traffic with pat. pending click and block tech.


    Attack Mitigation System is a network security software with several security modules, like network behavioral analysis and intrusion prevention.


    Ayehu eyeShare is an IT toolbox that automate IT processes, using a visual workflow and pre-built activities it can automate tasks across systems Linux, Windows, Active Directory, File systems, Database, Storage, Network, Web and many more.


    Order, configure and deploy your Canaries throughout your network. Then you wait. Your Canaries run in the background, waiting for intruders.


    To date, organizations have lacked an efficient process for gathering, organizing, and analyzing user reports of suspicious emails that may indicate early stages of a cyber attack. Cofense Reporter provides organizations with a simple, cost-effective way to fill this information gap.


    Continuity Engine ("CE") is a business continuity software that protects your most mission-critical applications with a goal of zero downtime. Beyond HA or replication, CE takes a proactive approach with true continuous data protection. CE delivers near-zero recovery times by monitoring the health of your applications and instantly failing over if a threat is detected. Simply put, we can help you prepare for and protect your applications, servers, and data from disaster and unplanned outages.


    DarkMatter's Cyber Network Defence division provides sophisticated active defence solutions, including assessments, penetration testing, threat hunting, and incident readiness and response services to help organisations unify and strengthen their security programmes.


    CyberSponse is a enterprise automation and orchestration platform that combines both cyber security solutions with human intuition.


    Our Content Threat Removal Platform is the world's first cyber security solution that mitigates the risk of stegware attacks that hide from detection using steganography techniques.


    Evanios provides end-to-end visibility and actionable intelligence for dynamic IT environments. Utilizing preconfigured logic, machine learning algorithms, and ITSM contextual data, it automatically reduces alert noise, prioritizes events, identifies root cause and predicts outages before they occur.


    A MANAGED THREAT HUNTING SERVICE BUILT ON THE CROWDSTRIKE FALCON® PLATFORM


    Endpoint Detection & Response solution based on artificial intelligence


    DFLabs is the pioneer in Security Automation & Orchestration technology. Our IncMan Security Automation and Orchestration platform enables CIRT’s and SOC’s to manage, measure and orchestrate security operations tasks including security incident qualification, triage and escalation, threat hunting & investigation and threat containment. At the the heart of IncMan is our R3 Rapid Response Runbook engine. R3 runbooks are created using a visual editor that supports granular, stateful and conditional workflows to orchestrate and automate incident response activities such as incident triage, stakeholder notification, data and context enrichment and threat containment. R3 runbooks are enhanced by capabilities to empower incident responders in assessing, investigating and hunting for threats, and to gather, maintain and transfer knowledge between IR and SOC teams. Our patent-pending Automated Responder Knowledge (DFLabs ARK) module applies machine learning to historical responses to threats, and recommends relevant playbooks and paths of action to manage and mitigate them.


    Orchestration and automation to accelerate your teams and tools


    IR-Flow synchronizes teams, tools, and playbook in a virtual soc.


    Identify and remediate cyber threats in a blazingly fast, collaborative environment, with seamlessly integration in your SDLC


    Lastline Analyst provides your threat analysts and incident response teams with the advanced malware inspection and isolation environment they need to safely execute advanced malware samples and understand their behavior.


    NC4 integrates technology and resources around all-hazards information collection and analysis into its proactive risk management application, NC4 Risk Center. NC4 Risk Center enhances member's capabilities in monitoring, analyzing, and responding to risks that pose a threat to their organization.