Best Incident Response Software in China - Page 3
View:
Compare the Top Incident Response Software in China as of October 2025 - Page 3
Sort By:
-
1
Trellix Helix Connect
Trellix
To protect against advanced threats, organizations need to integrate their security and apply the right expertise and processes. Trellix Helix Connect is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix. Gain comprehensive visibility and control across your entire enterprise by collecting, correlating and analyzing critical data for meaningful threat awareness. Easily integrate security functions without extensive and costly cycles. Make informed and efficient decisions with contextual threat intelligence. Detect advanced threats with machine learning, AI and integrated real-time cyber intelligence. Gain critical context into who is targeting your organization and why. With a smart and adaptive platform, you can predict and prevent emerging threats, identify root causes and respond in real time. -
2
Proofpoint Threat Response
Proofpoint
Security teams face many challenges when responding to threats that are targeting people in their organization. Those challenges are staff shortages, an overwhelming number of alerts and attempting to reduce the time it takes to respond and remediate threats. Proofpoint Threat Response is a leading security orchestration, automation and response (SOAR) solution that enables security teams to respond faster and more efficiently to the everchanging threat landscape. Threat Response orchestrates several key phases of the incident response process. It can ingest any alert from any source and automatically enrich and group them into incidents in a matter of seconds. Security teams receive rich and vital context from leveraging Proofpoint Threat Intelligence as well as third-party threat intelligences to help understand the "who, what and where" of attacks, prioritize and quickly triage incoming events. -
3
Swimlane
Swimlane
At Swimlane, we believe the convergence of agentic AI and automation can solve the most challenging security, compliance and IT/OT operations problems. With Swimlane, enterprises and MSSPs benefit from the world’s first and only hyperautomation platform for every security function. Only Swimlane gives you the scale and flexibility to build your own hyperautomation applications to unify security teams, tools and telemetry ensuring today’s SecOps are always a step ahead of tomorrow’s threats. Swimlane Turbine is the world’s fastest and most scalable security automation platform. Turbine is built with the flexibility and cloud scalability needed for enterprises and MSSP to automate any SecOps process, from SOC workflows to vulnerability management, compliance, and beyond. Only Turbine can execute 25 million daily actions per customer, 17 times faster than any other platform, provider, or technology. -
4
DERDACK Enterprise Alert
Derdack
Derdack’s enterprise alerting software automates alerting processes and enables a fast, reliable and effective response to incidents threatening the continuity of services and operations. This is in particular important for 24/7 operated mission-critical systems and IT. Our critical alerting software combines four pillars to effectively respond to incidents – automated alert notifications, convenient duty scheduling, ad-hoc collaboration and anywhere incident remediation. Enterprise Alert provides automated, and persistent alert notifications by voice, text, push, E-Mail and IM. It tracks the delivery of notifications, acknowledgments and replies and reacts automatically on non-delivery or non-reply by utilizing escalation chains, on-call schedules and presence information. Enterprise Alert enables convenient scheduling of on-call duties by drag & drop in any browser. Based on scheduling information it can then alert the right engineers at the right time. -
5
FortiEDR
Fortinet
Fortinet announced the acquisition of enSilo, Inc., a leading provider of advanced endpoint security. The combination of Fortinet and enSilo further enhances the Fortinet Security Fabric by providing enterprises with a full suite of endpoint detection and response (EDR) capabilities designed to automate the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality. enSilo’s integration with Fortigate firewalls, FortiSIEM, FortiSandbox and FortiClient, helps enterprises gain superior endpoint visibility and tightly coordinated, dynamic control of network, user, and host activity within their environment. Likewise, service providers can extract the full value of such integration and deliver a comprehensive and efficient managed detection and response (MDR) service. -
6
Resolve
Resolve Systems
Resolve is the #1 IT automation and orchestration platform, powering more than a million automations every day from simple, high-volume tasks to incredibly complex processes that go well beyond what you imagine is automatable. With more than a decade of automation expertise under our belts, we know how to build an intelligent automation and orchestration platform to meet the growing demands faced by today’s IT Operations and Network Operations teams. In fact, millions of automations are powered by Resolve on a daily basis… many of which go well beyond what you imagine is automatable. We know it sounds impossible, but it’s true. Just ask the customers who have cracked the code on tough automations like PIM testing, updating active load balancers, CUCM onboarding in seconds, true end-to-end patch management, interacting with Watson for NLP, maintaining infrastructure in segregated networks and hybrid cloud deployments, and more. Keep reading to see how we do it. -
7
LMNTRIX
LMNTRIX
LMNTRIX is an Active Defense company specializing in detecting and responding to advanced threats that bypass perimeter controls. Be the hunter not the prey. We think like the attacker and prize detection and response. Continuous everything is the key. Hackers never stop and neither do we. When you make this fundamental shift in thinking, you start to think differently about how to detect and respond to threats. So at LMNTRIX we shift your security mindset from “incident response” to “continuous response,” wherein systems are assumed to be compromised and require continuous monitoring and remediation. By thinking like the attacker and hunting on your network and your systems, we allow you to move from being the prey to being the hunter. We then turn the tables on the attackers and change the economics of cyber defense by shifting the cost to the attacker by weaving a deceptive layer over your entire network – every endpoint, server and network component is coated with deceptions. -
8
Vectra AI
Vectra
Vectra enables enterprises to immediately detect and respond to cyberattacks across cloud, data center, IT and IoT networks. As the leader in network detection and response (NDR), Vectra uses AI to empower the enterprise SOC to automate threat discovery, prioritization, hunting and response. Vectra is Security that thinks. We have developed an AI-driven cybersecurity platform that detects attacker behaviors to protect your hosts and users from being compromised, regardless of location. Unlike other solutions, Vectra Cognito provides high fidelity alerts instead of more noise, and does not decrypt your data so you can be secure and maintain privacy. Today’s cyberattacks will use any means of entry, so we provide a single platform to cover cloud, data center, enterprise networks, and IoT devices, not just critical assets. The Vectra NDR platform is the ultimate AI-powered cyberattack detection and threat-hunting platform. -
9
The Respond Analyst
Respond
Accelerate investigations and improve analyst productivity with a XDR Cybersecurity Solution. The Respond Analyst™, an XDR Engine, automates the discovery of security incidents by turning resource-intensive monitoring and initial analysis into thorough and consistent investigations. Unlike other XDR solutions, the Respond Analyst connects disparate evidence using probabilistic mathematics and integrated reasoning to determine the likelihood that events are malicious and actionable. The Respond Analyst augments security operations teams by significantly reducing the need to chase false positives resulting in more time for threat hunting. The Respond Analyst allows you to choose best-of-breed controls to modernize your sensor grid. The Respond Analyst integrates with the leading security vendor offerings across important categories such as EDR, IPS, Web Filtering, EPP, Vulnerability Scanning, Authentication, and more. -
10
ProDiscover
ProDiscover
ProDiscover forensics suite addresses a wide range of cybercrime scenarios encountered by law enforcement and corporate internal security investigators. ProDiscover is widely used in Computer Forensics and Incident Response. The product suite is also equipped with diagnostic and evidence collection tools for corporate policy compliance investigations and electronic discovery. ProDiscover helps in efficiently uncovering files and data of interest. Wizards, dashboards and timeline views help in speedily discovering vital information. Investigators are provided with a wide range of tools and integrated viewers to explore the evidence disks and extract artifacts relevant to the investigation. ProDiscover combines speed and accuracy, with ease of use and is available at an affordable price. Launched in 2001, ProDiscover has a rich history. It was one of the first products to support remote forensic capabilities. -
11
SmartEvent
Check Point Software Technologies
SmartEvent event management provides full threat visibility with a single view into security risks. Take control and command the security event through real-time forensic and event investigation, compliance, and reporting. Respond to security incidents immediately and gain network true insights. SmartEvent provides a single view into security risks. Take control and understand your security status and trends. Respond to security incidents immediately and gain network true insights. Always the latest security management keeps you automatically up-to-date. On-demand expansion to seamlessly onboard more gateways. Zero maintenance makes your environments more secure, manageable and compliant. -
12
PT Industrial Security Incident Manager
Positive Technologies
The PT ISIM hardware appliance performs non-stop monitoring of ICS network security, helps to detect cyberattacks in their early stages, identifies negligent or malicious actions by staff, and promotes compliance with cybersecurity legislation and industry regulations. Ease of ICS connection and self-learning technology make PT ISIM a good fit for small businesses, especially when security staff are in short supply. PT ISIM can power a security operations center (SOC) for monitoring of ICS threats and effective security management across geographically dispersed sites. A flexible mix of components makes PT ISIM easy and quick to deploy, with minimal configuration required, on infrastructures belonging to companies in any industry. Whether rapid or gradual, scaling up is always a smooth process on even the most complex networks. The monitoring architecture of PT ISIM is passive-only. -
13
Wazuh
Wazuh
Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. Wazuh is used to collect, aggregate, index and analyze security data, helping organizations detect intrusions, threats and behavioral anomalies. As cyber threats are becoming more sophisticated, real-time monitoring and security analysis are needed for fast threat detection and remediation. That is why our light-weight agent provides the necessary monitoring and response capabilities, while our server component provides the security intelligence and performs data analysis. Wazuh addresses the need for continuous monitoring and response to advanced threats. It is focused on providing the right visibility, with the insights to help security analysts discover, investigate and response to threats and attack campaigns across multiple endpoints. -
14
GreatHorn
GreatHorn
If your organization has shifted to a cloud-native email platform it’s time to reevaluate your email security to address today’s sophisticated zero-day attacks, and complex social engineering tactics like business email compromise and email account compromise. GreatHorn Cloud Email Security Platform changes the way you manage risk, layering sophisticated detection of polymorphic phishing threats with user engagement and integrated incident response, allowing your organization to address advanced threats at the moment risk enters your environment. No changes to mail routing or MX records, 5 minute deployment, and out-of-the-box default policies give you the immediate protection you require. Using artificial intelligence and machine learning, accurately identify risk areas, threat patterns, and zero-day phishing attacks to reduce response time. Continuous engagement helps train end users at the moment a potential phish enters their inbox. -
15
ASGARD Management Center
Nextron Systems
ASGARD Management Center is the perfect incident response platform. It not only lets you execute enterprise wide thor scans. It also provides an easy to use interface for execution of complex response playbooks on up to one million endpoints – all from a single console. ASGARD ships as hardened virtual appliance and features agents for Microsoft Windows, Linux, AIX, and MacOS. Its rich API facilitates interoperation with SOAR frameworks, sandboxes, antivirus systems, SIEM systems, CMDBs, IPS devices – or in other words: with literally any security device you may have in place. This short demo shows how easy it is to launch a scan with custom IOCs from a connected MISP. In the example we select all events with the keyword “Emotet”, add them to a new rule set and use that rule set in a new Group Scan with THOR. -
16
Blackpanda
Blackpanda
Blackpanda Digital Forensics services & Incident Response experts help identify, prioritize, contain, and remediate security issues in the event of a breach—helping you both minimize damage and respond more effectively to future incidents. Our incident response experts work with your team to identify vulnerable assets, draft organizational response plans, and craft bespoke playbooks to common attack events and communications protocols, while thoroughly testing all processes to optimize response. In doing so, our cyber security services help mitigate damage before an incident even occurs. Digital actions leave digital footprints. Our expert digital forensics investigators collect, analyze, and preserve digital evidence to outline the details of an incident, recover lost or stolen data, and testify to stakeholders or law enforcement, where necessary. Our forensic cyber security services can be instrumental in legal, corporate and private cases. -
17
Thinkst Canary
Thinkst Canary
Most companies discover they've been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Check out why our Physical, VM and Cloud Based Canaries are deployed and loved on all 7 continents. It’s pretty rare to find a security product that people can tolerate. It’s near impossible to find one that customers love. Tons of security products would be useful, if only you changed everything you did and made them the centre of your universe. This never happens, so they sit half deployed forever. Thinkst Canary doesn’t try to monopolise your time or dominate your thinking. Deploy your birds and forget about them. We will remain silent until you need us most. Order, configure and deploy your Canaries throughout your network. -
18
Deep Secure
Deep Secure
Featuring Deep Secure’s unique Threat Removal technology, iX provides 100% guaranteed protection from known and even zero day malware in documents and images. Working on the perimeter, iX acts as a transparent application layer proxy. With support for a wide range of protocols and data formats, it integrates seamlessly into a range of business processes and applications. Documents are intercepted at the boundary and then re-created from scratch, clean and safe on the other side. Nothing travels end-to-end but safe content – 100% guaranteed. Stops malware being infiltrated and prevents covert outbound data loss – for example via image steganography. Deep Secure’s unique content transformation technology intercepts documents at the network boundary and then re-creates them from scratch, clean and safe on the other side. This destroys the threat. Nothing travels end-to-end but safe content. -
19
eRiskHub
eRiskHub
Let's face it. There's no such thing as perfect security. Whether by hacker, computer glitch or staff mistake, most organizations will experience a data breach incident. In the face of a cyber incident, your clients need urgent help and expertise to respond and recover. Given the complex nature of such events, response is always multi-pronged, requiring expertise in legal/regulatory compliance, information technology (IT) security, privacy, DR/BC, computer forensics, law enforcement, PR, and other areas. When you license the eRiskHub® portal, powered by NetDiligence®, you provide your clients with a go-to resource for all things cyber, helping them shore up their defenses and respond effectively to data breaches, network attacks and other cyber events. We offer several different options to choose from! See our options to the right. -
20
HYAS
HYAS
HYAS Protect provides proactive security, enabling enterprises to make real-time, automated, data-based risk assessments. HYAS Protect can mitigate threats in real-time and provides a threat signal to improve existing security solutions. HYAS Insight provides threat and fraud response teams with unparalleled visibility into the origins of attacks, the infrastructure being used to attack, and the infrastructure likely to be used in future attacks so they can speed investigations and proactively defend enterprises. First West Credit Union, a leading Canadian financial institution, combats cyber fraud and responds to security incidents with help from HYAS Insight. Read this case study to learn how HYAS helped improve analyst investigation speed by 3X. In addition to communicating with you in response to this submission, we would like to send you news, offers and information regarding our products and services as well as other content that we believe may be of interest to you. -
21
Mitiga
Mitiga
Imagine the most talented military cybersecurity specialists in the world were in charge of your cloud’s Incident readiness & response. Now imagine this knowledge and expertise was baked into a completely new tech stack, and delivered with managed services. The unique risks of hybrid cloud environments require equally unique preparation to endure security incidents. Mitiga bolsters organizations’ security resiliency by navigating them through the fog of war of an incident, and accelerates their bounce-back to business-as-usual, from days, down to hours. Mitiga’s managed services are infused with a completely reimagined Incident readiness & response tech stack. Lock-in Mitiga’s top-tier talent that will get you back to business-as-usual swiftly, with precision-handling of real-time incidents. -
22
Everbridge Risk Intelligence
Everbridge
Everbridge Risk Intelligence is a risk monitoring solution that integrates risk intelligence technology and resources around all-hazards information collection and analysis, enhancing your ability to monitor, analyze, and respond to risk. Combining thousands of the most trustworthy data sources with an experienced team of analysts at our Risk Intelligence Monitoring Center (RIMC), Everbridge Risk Intelligence's targeted real-time alerting streamlines your organization’s ability to monitor and analyze worldwide incidents and events, dramatically increasing your ability to respond to risks that threaten your people, organization, and supply chain. This comprehensive, configurable risk monitoring solution delivers actionable information that helps reduce risk wherever your people live, work, or travel. Satisfy Duty of Care obligations with real-time risk assessment and hyper-local data of the threat landscape wherever your employees live, work, and travel. -
23
Kroll Compliance
Kroll
Third parties, customers, and partners present legal, reputational, and compliance risks to your organization. The Kroll Compliance Portal arms you with the capabilities to control those risks at scale. Relative risk can dictate the need for a closer look. Emailing back and forth with analysts and downloading and saving files can slow you down, create a gap in the audit trail, and leave you vulnerable to information security risks. Take the due diligence process out of emails and file folders and bring order with the Kroll Compliance Portal. Many compliance programs become time and resource intensive because of manual processes or inflexible software. Put an end to that with the Kroll Compliance Portal’s Workflow Automation. Your business demands efficient third party onboarding. You need an accurate risk assessment. The Kroll Compliance Portal Questionnaire accelerates the onboarding process through automation, tracking and scoring in line with your risk model. -
24
Query Federated Search
Query
Query is a federated search platform delivering a single search bar to access all your security-relevant data, wherever it is stored. The Query Federated Search Platform unlocks access to and value from cybersecurity data wherever it is stored (in the cloud, third-party SaaS, or on-prem), regardless of vendor or technology, and without requiring centralization. This leads to massive cost savings, more efficient security operations across real-time and historical data sources, and reduced security analyst ramp-up time. -
25
OnSolve
OnSolve
Pinpoint and respond to threats that impact your people, places and property – quickly, accurately and reliably. Every minute counts™. That’s why OnSolve prioritizes speed, relevance and usability to help our customers achieve the best possible outcome when a critical event occurs. Communicate faster to the right people on any device. Quickly activate crisis response plans and collaborate in real time. Filter out irrelevant data to make informed, proactive decisions. Deliver customized incident plans and task assignments to ensure appropriate action. Identify all active incidents at-a-glance using the risk intelligence dashboard. Enhance the alert send process to improve response times. Access business continuity plans anywhere via a mobile app. -
26
BlueVoyant
BlueVoyant
BlueVoyant’s Modern SOC leverages leading technology solutions, deployed on your infrastructure, and managed by our elite team of experts. BlueVoyant’s Third-Party Cyber Risk Management and Digital Risk Protection solutions leverage the most sophisticated and comprehensive data collections and analytics in the industry to deliver end-to-end external cybersecurity protection at scale. Our new global reality has accelerated digital transformation efforts. Years-long plans are now being implemented in just months. This is why cyberattacks are becoming increasingly complex and fast-moving. At the same time, the commoditization of ransomware has made even the smallest organizations a target. Our broad range MDR platform exists to help level the playing field: providing cybersecurity that sufficiently covers the rapidly evolving needs of every organization – and based on your threat-risk profile instead of just your budget. -
27
THOR
Nextron Systems
THOR is the most sophisticated and flexible compromise assessment tool on the market. Incident response engagements often begin with a group of compromised systems and an even bigger group of systems that are possibly affected. The manual analysis of many forensic images can be challenging. THOR speeds up your forensic analysis with more than 12,000 handcrafted YARA signatures, 400 Sigma rules, numerous anomaly detection rules and thousands of IOCs. THOR is the perfect tool to highlight suspicious elements, reduce the workload and speed up forensic analysis in moments in which getting quick results is crucial. THOR focuses on everything the Antivirus misses. With its huge signature set of thousands of YARA and Sigma rules, IOCs, rootkit and anomaly checks, THOR covers all kinds of threats. THOR does not only detect the backdoors and tools attackers use but also outputs, temporary files, system configuration changes and other traces of malicious activity. -
28
Layer Seven Security
Layer Seven Security
Leading cybersecurity protection for cloud and on-premise SAP applications including S/4HANA and HANA platforms. Layer Seven Security provides industry-leading experience, expertise and insight to secure your SAP technology stack including network, operating system, database and application components. Test your defences and discover vulnerabilities in your SAP systems before the attackers. Reveal the business impact of successful exploits against your SAP platform. 2 out of 3 SAP systems experience security breaches. Protect your SAP applications against cyber threats with the Cybersecurity Extension for SAP Solutions. The layered control strategy supported by assessments is based on best practices and SAP security recommendations. Our experienced security architects work closely with your organization to implement end-to-end protection for the entire SAP technology stack. -
29
Gem
Gem Security
Empower your security operations teams with built-in expertise and automatic response capabilities fit for the cloud era. Gem delivers a centralized approach to tackle cloud threats, from incident response readiness, through out-of-the-box threat detection, investigation and response in real-time (Cloud TDIR). Traditional detection and response tools aren’t built for the cloud, leaving organizations blind to attacks and security operations teams unable to respond at the speed of cloud. Continuous real-time visibility for daily operations and incident response. Complete threat detection coverage for MITRE ATT&CK cloud. Understand what you need, quickly fix visibility gaps, and save costs over traditional solutions. Respond with automated investigative steps and built-in incident response know-how. Visualize incidents and automatically fuse context from the cloud ecosystem. -
30
Binalyze AIR
Binalyze
Binalyze AIR is a market-leading Digital Forensics and Incident Response platform that allows enterprise and MSSP security operations teams to collect full forensic evidence at speed and scale. Our incident response investigation capabilities such as triage, timeline and remote shell help to close down DFIR investigations in record time.