
Cyber breaches are on the rise. In America, around two-thirds of Americans who went online received at least one online scam offer, and 47% of American adults have had their person information exposed by cyber criminals, according to the Cybersecurity and Infrastructure Security Agency. These may be the same American adults working for your companies that are at risk of having company information breached.
When it comes to responding to data breaches when they happen, time is of the essence. Security teams must identify relevant insights and extract actionable intelligence to drive swift conclusions. But, of course, that is easier said than done.
SentinelOne, a provider of autonomous cybersecurity, knowns the challenges of the daunting task. Therefore, SentinelOne expanded its forensics capabilities to simplify things with the release of Singularity RemoteOps Forensics, a new digital forensics product offering that brings incident response readiness to companies of all sizes. This enables companies to execute efficient and streamlined investigation and response activities with unprecedented speed and scale.
Integrated with the SentinelOne Singularity Platform (and offered as an add-on to Sentinel One’s Endpoint and Cloud Workload Security solutions), RemoteOps Forensics is a fast, efficient and flexible digital forensics and incident response solution that security teams can use to optimize resources and accelerate Mean Time to Resolution.
It allows teams to perform ad-hoc or conditional trigger-based evidence collection, enabling targeted investigations on one or multiple assets, including endpoints and server workloads. The solution also automates the collection of evidence, such as processes, ports, service listings, MFT, Amcache, JumpLists and memory dumps, and orchestrates them in less than a minute.
RemoteOps Forensics consolidates evidence into one data pool through the Singularity Security DataLake, correlating SentinelOne and partner data with forensics data in the same search. This comprehensive approach helps create a detailed picture of an attack, quickly identify the root cause and take measures to mitigate risk.
Security teams can analyze the collected evidence alongside endpoint detection and response data in one console, allowing them to proactively defend against future threats. Additionally, the solution enables the correlation and analysis of integrated data to uncover hidden indicators of compromise, identify advanced attack patterns and understand the tactics, techniques and procedures employed by threat actors.
RemoteOps Forensics eliminates the need to deploy and provision multiple tools during investigations, saving organizations both time and resources. The solution also makes investigations more forensically sound, as less changes are made on disk, and SentinelOne employs its anti-tampering capabilities as well as metadata collection capabilities to ensure data integrity is maintained.
“As timelines for reporting and responding to breaches shrink, it is imperative that security teams have advanced forensics capabilities that make investigations faster and more efficient, and with Singularity RemoteOps Forensics, we are delivering them," said Jane Wong, Senior Vice President of Products and Strategy, SentinelOne.
Singularity RemoteOps Forensics is available and in use by customers today.
Edited by
Alex Passett