Collect forensic data
Why it matters
The majority of cybersecurity solutions focus on detection and protection. While this is a necessary first step in stopping attacks, it is also just that: a first step. Often the hard work of finding out what has happened, or what is still going on, starts after the initial alert. Common challenges responders face:
- Finding out the context and details of the alert is a manual process of combing through disparate data sources
- Necessary data may be unavailable altogether
- Associating relevant forensic data with the original alert is time-consuming detective work
How we can help
- SensorFleet supports forensic data collection and detection with a comprehensive set of Instruments, such as Traffic Recorder, Netflow and PassiveDNS
- Forensic data is collected automatically and close to the source that triggered the alert
- Data collection triggered by SensorFleet detection Instruments will be automatically associated with the alert
Bigger picture
Combining forensic data collection and detection with the automatically generated context information accelerates incident investigation. Forensic data, while centrally manageable, is stored locally on the Sensors. This protects the integrity of the network segregation, saves bandwidth and enables granular data retention policies.