Cyberattacks are on the rise and when it comes to responding to them, time is of the essence. To draw quick conclusions, security teams must identify relevant information and extract actionable insights. It’s a daunting task, but SentinelOne is expanding its forensic capabilities to make things simpler.
The company launched Singularity RemoteOps Forensics, a new digital forensics product offering that prepares businesses of all sizes for incident response, enabling them to execute effective, streamlined investigation and response activities with speed and scale.
“As breach reporting and response times decrease, it is imperative that security teams have advanced forensic capabilities that make investigations faster and more effective, and with Singularity RemoteOps Forensics, we provide them,” said Jane Wong, senior vice president of product and strategy, SentinelOne.
Seamlessly integrated into the SentinelOne Singularity platform and offered as a complement to SentinelOne’s endpoint security solutions and cloud workloads, RemoteOps Forensics is a flexible digital forensics and incident response solution that teams across security can use to:
- Optimize resources and accelerate mean time to resolution
- Perform ad hoc or conditional trigger-based evidence collection, enabling targeted investigations of single or multiple assets, including endpoints and server workloads.
- Automate the collection of evidence, such as processes, ports, service lists, MFT, Amcache, JumpLists, and core dumps, and orchestrate them in less than a minute.
- Consolidate evidence into a data pool via Singularity Security DataLake, correlating data from SentinelOne and partners with forensic data in the same research to create a complete picture of an attack, quickly identify the root cause and take action to mitigate risks.
- Analyze collected evidence along with Endpoint Detection and Response (EDR) data in a single console to proactively defend against future threats.
- Correlate and analyze integrated data to uncover hidden indicators of compromise, identify advanced attack patterns, and understand tactics, techniques, and procedures employed by threat actors.
And, fully integrated with the SentinelOne agent, RemoteOps Forensics eliminates the need to deploy and provision multiple tools during investigations, saving organizations time and resources. The solution also makes investigations more forensically robust because fewer changes are made to the disk, and SentinelOne uses its anti-tampering capabilities as well as its metadata collection capabilities to ensure data integrity is maintained.
“SentinelOne’s new forensic capabilities reinvent incident response by enabling security teams to conduct in-depth investigations in less time, without the need for specialized expertise or additional tools,” Wong said.
Singularity RemoteOps Forensics is now available and used by customers.