Arcsight and Encase Incident Response
- Deputy Director, IRM Office and ISSO, U.S. Federal Agency
With the proliferation of perimeter and network security solutions, your ArcSight SIEM platform is potentially receiving millions of events per day, which translates into an ever-growing number of alerts. The sheer volume of alerts makes it difficult to prioritize, track and diagnose every high-priority alert or staff policy violation. Your ability to prioritize and lower your response time is vital, because artifacts on a computer often exist for only a short period of time; the capture of relevant data is therefore critical before the trail runs cold. Without the integration of alerting and response technologies, by the time you determine which alerts are meaningful it could be too late.
Key Benefits
- Prioritize response with real-time data from potentially affected endpoints
- Validate which potentially affected endpoints are running unapproved, malicious or hidden processes
- Identify all open ports, associated processes and other temporary data at the time of the alert
- Associate DLLs with the relevant load process and reveal injected DLLs
- Determine whether affected endpoints are storing sensitive data
[Screenshot: ArcSight SIEM with EnCase response options exposed] EnCase Cybersecurity integrates with your ArcSight SIEM to deliver real-time response, diagnosis and remediation.
SIEM Integration
EnCase Cybersecurity automates the incident response process by allowing you to augment rules in ArcSight with the ability to trigger a variety of EnCase response options when specific alert criteria are met. For instance, if an unauthorized user logs in to the network, EnCase Cybersecurity can be configured to capture relevant system information at the time the user logs in and correlate it back into the ArcSight user console, giving an accurate view of what was occurring on the endpoint while the unauthorized user was logged in.
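The alert-triggered workflow described above, together with the endpoint checks listed under Key Benefits (unapproved or hidden processes, open ports tied to them), as an added illustration in Python. This is not EnCase or ArcSight code and uses none of their APIs: the login event, the authorized-user and approved-process lists, and the snapshot data that stands in for what an endpoint agent would collect are all constructed here. The one real format it relies on is CEF, the Common Event Format that ArcSight connectors emit; the parser handles the escaped pipe and equals characters CEF defines.

```python
"""Alert-triggered endpoint response: parse a SIEM event, match a rule,
capture endpoint state, and return a record correlated to the alert.
Constructed illustration only; not EnCase or ArcSight code."""
import re
from dataclasses import dataclass
from typing import Callable

# Constructed allowlists: accounts permitted to log on interactively and
# processes expected on the standard build.
AUTHORIZED_USERS = {"alice", "bob"}
APPROVED_PROCESSES = {"explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}

# Constructed ArcSight-style CEF record for a Windows interactive logon.
# Note the escaped '\=' inside the msg value, which CEF requires.
SAMPLE_EVENT = (
    "CEF:0|Microsoft|Windows|6.1|4624|An account was successfully logged on|5|"
    "rt=1300000000000 suser=mallory dhost=WS-0042 dst=10.0.0.42 "
    "msg=Logon Type\\=2 cs1Label=Workstation cs1=WS-0042"
)


def parse_cef(line):
    """Split a CEF line into its seven header fields plus extension dict.
    Header fields are pipe-separated (a literal pipe is escaped as '\\|');
    extension values run up to the next ' key=' and may contain spaces,
    with a literal equals sign escaped as '\\='."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)  # split on unescaped pipes
    if len(parts) != 8:
        raise ValueError("malformed CEF header")
    keys = ["version", "vendor", "product", "device_version",
            "signature_id", "name", "severity"]
    event = dict(zip(keys, (p.replace("\\|", "|") for p in parts[:7])))
    event["version"] = event["version"][len("CEF:"):]
    # A value ends where whitespace followed by a new 'key=' begins.
    event["extension"] = {
        m.group(1): m.group(2).replace("\\=", "=")
        for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", parts[7])
    }
    return event


@dataclass
class Rule:
    """Alert criteria: a signature ID plus a predicate over the parsed event."""
    name: str
    signature_id: str
    condition: Callable[[dict], bool]


def unauthorized_login(event):
    """Trigger when the logging-on account is not on the authorized list."""
    return event["extension"].get("suser") not in AUTHORIZED_USERS


RULES = [Rule("unauthorized-interactive-logon", "4624", unauthorized_login)]


def capture_snapshot(host):
    """Constructed stand-in for the volatile data an endpoint agent would
    collect at alert time: processes, listening ports and loaded DLLs."""
    return {
        "host": host,
        "processes": [
            {"pid": 1234, "name": "explorer.exe", "hidden": False},
            {"pid": 4321, "name": "updsvc.exe", "hidden": True},
        ],
        "listening_ports": [{"port": 4444, "pid": 4321}],
        "loaded_dlls": {1234: ["kernel32.dll"], 4321: ["kernel32.dll", "inj.dll"]},
    }


def triage_snapshot(snap):
    """Flag processes off the approved build or hidden from normal listing,
    and the listening ports and DLLs associated with those processes."""
    flagged = [p for p in snap["processes"]
               if p["name"] not in APPROVED_PROCESSES or p["hidden"]]
    pids = {p["pid"] for p in flagged}
    return {
        "unapproved_processes": flagged,
        "suspicious_ports": [pt["port"] for pt in snap["listening_ports"]
                             if pt["pid"] in pids],
        "dlls_of_interest": {pid: snap["loaded_dlls"].get(pid, []) for pid in pids},
    }


def handle_event(line, rules):
    """Parse the alert, run every matching rule's response, and return a
    record keyed by the alert's own identifiers so it can be correlated
    back to the originating event in the SIEM console."""
    event = parse_cef(line)
    record = {"signature_id": event["signature_id"], "name": event["name"],
              "host": event["extension"].get("dhost"),
              "user": event["extension"].get("suser"), "responses": []}
    for rule in rules:
        if rule.signature_id == event["signature_id"] and rule.condition(event):
            snap = capture_snapshot(record["host"])
            record["responses"].append({"rule": rule.name,
                                        "triage": triage_snapshot(snap)})
    return record


if __name__ == "__main__":
    print(handle_event(SAMPLE_EVENT, RULES))
```

The correlation key is deliberately the event's own signature ID, host and user rather than a new identifier, so the response record can be joined back to the alert that produced it; in a real deployment the snapshot function would be the endpoint agent call and the rule list would mirror the SIEM correlation rules.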
www.guidancesoftware.com
Our Customers
Guidance Software's customers are corporations and government agencies in a wide variety of industries, such as financial and insurance services, technology, defense contracting, pharmaceutical, manufacturing and retail. Representative customers include Allstate, Chevron, FBI, Ford, General Electric, Honeywell, NATO, Northrop Grumman, Pfizer, SEC, UnitedHealth Group and Viacom.
About Guidance Software (NASDAQ: GUID)
Guidance Software is recognized worldwide as the industry leader in digital investigative solutions. Its
EnCase platform provides the foundation for government, corporate and law enforcement organizations
to conduct thorough, network-enabled, and court-validated computer investigations of any kind, such as
responding to eDiscovery requests, conducting internal investigations, responding to regulatory inquiries
or performing data and compliance auditing - all while maintaining the integrity of the data. There are
more than 40,000 licensed users of the EnCase technology worldwide, the EnCase Enterprise platform
is used by more than sixty percent of the Fortune 100, and thousands attend Guidance Software's
renowned training programs annually. Validated by numerous courts, corporate legal departments,
government agencies and law enforcement organizations worldwide, EnCase has been honored with
industry awards and recognition from Law Technology News, KMWorld, Government Security News,
and Law Enforcement Technology.
© 2011 Guidance Software, Inc. All Rights Reserved. EnCase and Guidance Software are registered trademarks or trademarks owned by
Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other marks and brands
may be claimed as the property of their respective owners.