BrazenCloud Technology
Incident Response Orchestration for Hybrid Enterprises
Be Brazen with the BrazenCloud Platform
The platform provides security practitioners with administrative control, remote access and the sleek ability to create and execute orchestrated actions across Workloads and Endpoints, in the Cloud, on your Premises, on Windows End-user Endpoints, throughout the Multi-Cloud, or at the Edge.
The BrazenCloud Platform is built as Software as a Service (SaaS); however, it is easily delivered as an on-premises solution due to its portability.
BrazenCloud platform backend enables efficient Incident Response Administration, Runbook Creation, Orchestration and Network Connectivity to support data artifact movement.
Brazen Agent provides admins the ability to execute actions and enable on-demand dynamic connectivity to Workloads or Endpoints.
Supported Operating Systems: Windows and Linux (only 4-8Mb in Size)
SSL Encrypted Sessions - Back-end Connections from Edge-to-Edge are encrypted to support orchestration, agent Runbook communications and data exchange between Brazen Agents.
Authentication, multi-tenancy Authorization - Orchestrated actions are tied to each authenticated platform user and Brazen Agent, with authority delegated through role-based access control (RBAC) within each BrazenCloud platform tenant.
Orchestration - The BrazenCloud platform orchestrator leverages intelligent queuing to manage and orchestrate serialized Runbook actions.
Data Exchange Layer - The BrazenCloud Data Exchange Layer provides connectivity, similar to proxy solutions, that allows dynamic zero-trust connectivity between Brazen Agents, enabling on-demand, permanent or dissolvable connectivity between applications.
Dissolvable Agent - Each Brazen Agent can be instantly dissolved from any endpoint or workload at any time.
BrazenCloud Platform provides users administrative control, remote access and the ability to create and execute orchestrated actions across deployed Brazen Agents.
Incident Response/Threat Hunting
File Artifact Capture
Remote YARA malware and system breach scanning.
Remote file analysis: run strings on files and get analysis data back, and run Sigma rules on end-user systems and servers.
Memory Malware Detection and Analysis - Run Loki APT detection everywhere at scale. Execute your malware analysis actions remotely.
IT Security Admin Tasks
Automated Asset Inventory and Discovery
Discover Network Connected Assets Automatically.
Retrieve Installed OS Packages on Linux
Retrieve Installed Software Inventories on Windows
Active Directory Tasks
Centralize and automate common Active Directory tasks.
Patch Management
Force Windows Updates Remotely.
Apply Specified Patches on a Windows Machine.
Ops
Extend Syslog Collection Anywhere
Move Files, Execute Security Scans in a pipeline, execute transformation tasks and batches or scripts.
Connect and Stream Data Between Apps on Different Workloads securely with our zero trust connectivity architecture.
Easily script and execute complex orchestrated build processes with many steps and stages.
Threat Hunting
Forensic Artifact Capture
Remote YARA malware and system breach scanning.
Remote file analysis: run strings on files and get analysis data back, and run Sigma rules on end-user systems and servers.
Memory Malware Detection and Analysis - Run Loki APT detection everywhere at scale. Execute your malware analysis actions remotely.
Asset Inventory - Address NIST and ISO with BrazenCloud agent-less lateral scanning technology, which identifies network-connected devices and provides comprehensive networked device visibility. It delivers crucial asset inventory and unmanaged device discovery to address NIST and ISO requirements and security best practices for asset inventory.
Composable Runbooks - BrazenCloud Runbooks enable serialized execution of binary or script actions across multi-cloud, enable data exchange for raw application data transport, or build on-demand dynamic connectivity between Workloads for execution tasks or server-to-server service or application communications.
Actions - An Action is used in a Runbook and is a package of arbitrary code or binaries that is deployed or installed and then executed on a Brazen Agent. BrazenCloud Actions consist of an execution bundle that defines the commands and variables (as Manifests and parameters) needed for successful execution of both Windows and Linux binaries as well as PowerShell or Python scripts.
BrazenCloud Composable IR Runbooks
Zero-Trust Connectivity Architecture - Connector Services offer and define zero-trust connectivity between Brazen Agents (for example TCP tunnels).
Runbook Action Data Exchange: Execute Netstat, parse remote hosts with PowerShell, push the PowerShell output to a port scanner, scan using that data, and send the resulting output through our SSL-enabled zero-trust architecture to your Elasticsearch.