AccessData Enterprise and SilentRunner Sentinel® work together to deliver the most comprehensive view into critical data.This integrated solution enables you to see the whole picture, correlating static host data, RAM and network traffic data. Organizations are able to proactively and reactively identify, analyze and remediate security incidents of any kind, including zero day events, hacking, internal security breaches and advanced persistent threats.

In the aftermath of a security incident, easily tackle the complicated tasks of capturing, analyzing and visualizing network data, then correlating that information with data found at the host level. Using this advanced methodology, you will be able to determine root cause, identify all affected machines, and neutralize the threat. Identify rogue code running on machines across your network, play back incidents in real-time to see exactly how the threat proliferated, and use the intelligence you gather to build threat profiles and mitigate the recurrence of that threat in the future. Leverage two of the most powerful cyber security technologies available today in one integrated incident response solution.

AccessData^® Enterprise

Powerful Incident Response, Including Deep Analysis of All Live Processes

• Advanced agent-side search and analysis of live memory on Windows machines across the enterprise.
• Correlate static forensic data and volatile incident response data within the same interface.
• Incident response console enables rapid review and analysis of key volatile data elements in an easy-to-use format with views of data across machines and across time.
• Integrated analysis and forensic collection of network shares.
• GUI-integrated, secure remediation
  • Right click process kill during an IR investigation.
  • Batch Remediation allows authorized personnel to automatically remediate threats on multiple machines at the same time, which is critical to preventing widespread damage due to fast-proliferating threats.

The Most Comprehensive and Efficient Investigation of Data across the Enterprise

• Distributed Processing.
• Active directory and ePO integration enable quick identification and selection of nodes.
• The industry’s first one-click acquisition of hard drives, RAM and volatile data.
• Automated Batch Acquisition of devices and RAM to streamline large multi-node evidence collections.
• Thorough data capture includes individual files, deleted files, unallocated space and logical volumes.
• Easy-to-use data processing wizard that automatically categorizes, indexes and exposes data.
• Search and collect from network shares.
• Market-leading decryption, password recovery and cracking technology.

LEARN MORE >

SilentRunner®

Real-Time Network Capture and Visualization

• SilentRunner Sentinel promiscuously monitors and records network traffic in all seven layers of the OSI stack.
• Monitors more than 1,500 protocols and services out of the box.
• Advanced visualization tools allow you to create a picture of communication flows to swiftly expose anomalies, illegal connections and security and network problems.
• Real-time network data is stored in a central database that can be queried.
• Using interactive graphical representations illustrating propogation, you can efficiently analyze users, hosts, domains, applications, protocols and addresses — detecting changes or abnormalities from established network baselines.
• Capture and analyze wireless Ethernet 802.11b and 802.11g.

Pattern and Content Analysis

• Determine the root cause of a security breach or quickly distinguish between diversionary and truly malicious incidents.
• Map virus, worm and confidential data leakage proliferation to perform root cause analysis and identify all nodes and users in an incident.
• Independent of keyword or linguistic matching, you can determine how proprietary or inappropriate information proliferated from code servers, HR or financial databases, R&D labs and others.

Forensic Analysis and On-Demand Incident Playback

• SilentRunner stores and catalogs network data into a central repository allowing you to play back the exact sequence of events aiding to ensure effective and accurate investigations.
• Directly visualize audit logs and alerts, and correlate actual network traffic to provide a complete picture of activity around the time a suspicious event occurred.
• Conduct post-event analysis and reconstruct events in their exact sequence to immediately uncover the source of an incident.
• SilentRunner maintains a millisecond clock to record packet timing.
• Quickly determine communication precedent and data proliferation.

LEARN MORE >