CYBER TRIAGE
by Basis Technology
Simplified Incident Response
Cyber Triage™ is incident response software that enables first
responders to quickly determine if a host is compromised. It
focuses on ease of use and automation to allow IT generalists
and less experienced responders to triage an endpoint with the
precision of a cyber response specialist. Seasoned responders
can use Cyber Triage to filter out false positives so that they can
spend more time containing and resolving serious incidents.
Cyber Triage automates the collection and analysis of host-based
data. It incorporates heuristics, malware scanning, and a back-end
database to allow the responder to easily determine if the host
is compromised or not. If it is, then digital forensics and malware
experts can be brought in to complete the response.
[Figure: The Cyber Incident First Responder’s Funnel. Alerts flow to first responders, who quickly identify false positives; what remains are confirmed incidents.]
What’s in your First Responder’s Toolkit?
Being a first responder is difficult without
the right tools. Attackers don’t want to
be detected and therefore take great
steps to blend in and hide evidence.
To triage a system, responders need to
know where evidence could be hidden,
what the local and global attack trends
are, and learn what is normal.
Cyber Triage is uniquely focused on
the needs of the first responder. Other
incident response tools assume that the
responder is a forensics expert, with a
deep knowledge of registry keys and
event types that must be examined.
Cyber Triage automates this workflow
and saves information from other
hosts to give the responder situational
awareness. A first responder simply
starts the collection and analysis process
and then reviews the results to answer
questions about suspicious activity.
Many incident response tools require
persistent agents to be deployed,
which can be a lengthy process to get
IT approval. Cyber Triage agents are
ad hoc, which makes it easy to deploy
and use.
Request More Information:
info@basistech.com
+1 617-396-2090
www.cybertriage.com
© 2015 Basis Technology Corporation.
FEATURES

Automated Collection
•Trigger automatic collections upon alerts from integrated SIEM or IDS solutions.
•Collect data from host startup items, drivers, and services.
•Perform live and remote analysis with Cyber Triage’s non-persistent agent.
•Send results to a remote Cyber Triage server, or save them to a USB drive.

Automated Analysis
•Assess most threats using automatically assigned threat scores.
•Apply heuristics to running processes, open ports, startup items, and more.
•Account for differences in each endpoint’s usage of remote hosts, users, and ports.
•Scan executables for malware via OPSWAT® integration.
•Ignore known files with hash databases.

Review Wizards
•Compare consecutive collections; find and communicate future results faster.
•View data that is enriched using Geo IP mapping and domain blacklists.
•Make decisions based on fused, correlated data from multiple sources such as the registry, event logs, and files.

Situational Awareness
•Capture responders’ collective knowledge in a central database.
•Determine if the collected data is new since the last analysis, and whether it is present on other hosts.
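The analysis steps the feature list describes, as an added example that is not Cyber Triage’s own code: a small triage pass in Python over constructed host collections, with a known-file hash filter, a diff against the host’s previous collection, cross-host prevalence, and a simple threat score. The hash database, the host data, the Item fields, the heuristics and the scoring weights are all assumptions made for this page, not the product’s.

```python
# Added example (not Cyber Triage's own code): the analysis steps the feature
# list describes, run over constructed host collections.  The known-file
# database, the hosts, the Item fields and the scoring weights are all
# hypothetical simplifications written for this page.
from collections import Counter
from dataclasses import dataclass

# Constructed stand-in for a known-file hash database (NSRL-style): hash -> path.
KNOWN_GOOD_HASHES = {
    "aa11": r"C:\Windows\System32\svchost.exe",
    "bb22": r"C:\Windows\explorer.exe",
}


@dataclass(frozen=True)
class Item:
    kind: str     # "process", "startup", "service" or "port"
    name: str
    path: str     # "" for items with no backing file
    sha256: str   # truncated constructed hashes; "" when there is no file
    remote: str   # remote address for network items, else ""


# Constructed items; the hashes and paths are not real.
SVCHOST = Item("process", "svchost.exe", r"C:\Windows\System32\svchost.exe", "aa11", "")
EXPLORER = Item("process", "explorer.exe", r"C:\Windows\explorer.exe", "bb22", "")
ONEDRIVE = Item("startup", "OneDrive", r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe", "dd44", "")
UPDATER = Item("startup", "updater", r"C:\Users\alice\AppData\Roaming\updater.exe", "ee55", "")
BEACON = Item("port", "updater.exe", "", "", "203.0.113.7:4444")

# Previous collection per host (constructed baseline) and the current sweep.
PREVIOUS = {"host-01": {SVCHOST, EXPLORER, ONEDRIVE}}
CURRENT = {
    "host-01": {SVCHOST, EXPLORER, ONEDRIVE, UPDATER, BEACON},
    "host-02": {SVCHOST, ONEDRIVE},
    "host-03": {SVCHOST, ONEDRIVE},
}


def key(item):
    """Identity used for diffing and prevalence: same kind, name and hash."""
    return (item.kind, item.name, item.sha256)


def known_good(item, known):
    """Known-file filter: the hash must be in the database AND the file must sit
    at its expected path, so a renamed or relocated copy of a real binary is kept."""
    expected = known.get(item.sha256)
    return expected is not None and expected.lower() == item.path.lower()


def prevalence(collections):
    """Number of hosts on which each (kind, name, hash) was seen in this sweep."""
    counts = Counter()
    for items in collections.values():
        counts.update({key(i) for i in items})
    return counts


def triage(host, collections, previous, known):
    """Score every non-filtered item on one host; higher is more suspicious."""
    baseline = previous.get(host, set())
    seen_before = {key(i) for i in baseline}
    known_remotes = {i.remote for i in baseline if i.remote}
    hosts_with = prevalence(collections)
    total_hosts = len(collections)
    findings = []
    for item in sorted(collections[host], key=key):
        if known_good(item, known):
            continue
        score, reasons = 0, []
        if key(item) not in seen_before:
            score += 3
            reasons.append("new since last collection")
        if total_hosts > 1 and hosts_with[key(item)] == 1:
            score += 2
            reasons.append("present on 1 of %d hosts" % total_hosts)
        if item.remote and item.remote not in known_remotes:
            score += 2
            reasons.append("new remote endpoint " + item.remote)
        if item.sha256 and item.sha256 in known:
            score += 2
            reasons.append("known binary at unexpected path")
        elif item.sha256:
            score += 1
            reasons.append("hash not in known-file database")
        if "\\appdata\\" in item.path.lower():
            score += 1
            reasons.append("runs from user-writable AppData")
        findings.append((score, item, reasons))
    findings.sort(key=lambda f: -f[0])
    return findings


def suspicious(host, collections, previous, known, threshold=4):
    """Items a first responder should look at, as (score, kind, name, reasons)."""
    return [(s, i.kind, i.name, r)
            for s, i, r in triage(host, collections, previous, known) if s >= threshold]


if __name__ == "__main__":
    for score, kind, name, reasons in suspicious("host-01", CURRENT, PREVIOUS, KNOWN_GOOD_HASHES):
        print(score, kind, name, "; ".join(reasons))
```

Two points a practitioner would check here: the first collection of a host has no baseline, so every non-filtered item scores as "new" and the cross-host prevalence is the only signal that separates fleet-wide software from a one-off; and the known-file filter deliberately requires the expected path as well as the hash, since a legitimate binary copied into a user-writable directory is exactly what a filter on hash alone would hide.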
About Cyber Triage
Cyber Triage™ is built by the digital forensics
group at Basis Technology, led by Brian Carrier who
previously ran an incident response team at @stake,
developed The Sleuth Kit and Autopsy open source
tools, and authored the popular book, “File System
Forensic Analysis”. The group also develops custom
solutions, from large cluster-based systems to turnkey
deployable systems, for U.S. government and commercial
customers whose existing systems do not meet mission needs.
The experience drawn from these solutions, with their focus
on automation, extensibility, and ease of use, led to the
design of Cyber Triage, which mirrors the way digital
forensics is deployed on a battlefield: media seized in
the field is triaged for actionable intelligence using
easy-to-use automated software, and then sent to the
lab for deeper analysis.
About Basis Technology
Basis Technology is the primary contributor to the
popular Autopsy open source digital forensics tool.
It has 20,000+ downloads for each release and
was designed to be an extensible platform. That
extensibility is used by Cyber Triage to provide digital
forensics recovery in an easy-to-use incident response
tool.
Basis Technology was founded in 1995 and also
has a text analytics group that extracts meaningful
intelligence from unstructured multilingual text. The
text analytics products have been used by over two
hundred major firms, including Amazon, EMC, Oracle,
Dassault, Fujitsu, Google, Airbnb, Microsoft, Pinterest,
and governments around the world.
© 2015 Basis Technology Corporation. “Basis Technology Corporation” , “Rosette” and “Highlight” are registered trademarks of Basis
Technology Corporation. “Big Text Analytics” is a trademark of Basis Technology Corporation. All other trademarks, service marks, and logos
used in this document are the property of their respective owners. (2015-03-16-DFCT)