|
Another industry first from Reflex is a feature called Vendor Response Plans. CISOware offers a vendor program that allows approved third-party companies to participate in a Reflex customer’s incident response process. These vendors often sell products that detect system abnormalities—like log file analysis, malware detection, or intrusion alerts. Even outside of security, many IT tools monitor things like system performance or resource usage. All of them share a common goal: detect a problem and notify someone. |
Normally, when a product flags an issue, it notifies the customer through its own channel—email, dashboards, alerts—and it’s up to the customer to notice and respond. With Reflex and the vendor response feature, that handoff becomes much more powerful.
Here’s how it works: A vendor registers with CISOware, goes through an approval process, and receives a unique vendor ID. Reflex customers can then authorize specific vendors for use in their own environments. Once approved, if the vendor’s product detects a problem, it sends a short coded message to a special CISOware email address.
This message activates a Reflex plan that the customer pre-configured. The plan can do anything the customer wants—but typically, the alert goes first to a review team. That team can decide whether the incident warrants a full response. Since the alert is coming from an external vendor, it wouldn’t make sense to activate the entire response team without verification. After all, false positives do happen.
The benefit of this setup is that vendors don’t need to rely on someone noticing an alert in a dashboard or email. Reflex ensures the message is received and routed exactly where the customer wants it to go.
But the truly revolutionary part? No API required. The vendor doesn’t have to write any code. Integration is simple, and the communication process is secure. Even in the worst-case scenario—if a malicious actor somehow obtained both the vendor ID and the customer’s approval code—the Reflex system still verifies the request. And the worst that could happen is that a review team gets alerted, realizes it’s invalid, and nothing more happens.
There’s never a direct connection between external vendors and Reflex infrastructure. It’s simple, secure, and powerful.