Rapid Incident Response, and Forensics for Any Workload

Written By Greg Hoglund
 

Example: Forensic Image Capture at Scale - Drop forensic images to a Designated Shared Directory

Want to do Forensics at scale or on demand?

Incident Response Forensic Collection with BrazenCloud

  • Collect Forensic artifacts and files for Rapid Incident Response across remote systems, cloud workloads and containers at enterprise scale.

  • Best practices for Digital Forensics and Incident Response (DFIR) include collection of artifacts found on workloads to determine the nature of an incident or cyberattack.

  • BrazenCloud provides an automated, scalable Runbook and Forensic Collection that leverages the CDIR Collector from Cyber Defense Institute.

  • Investigators can select which files to collect and route results to a single location providing easy evidence collection and access to examiners.

  • With BrazenCloud and Brazen Agent, you can Combine Forensic Collection with Rootkit Detection, Malware Yara Scanning all in a single easy to scale Runbook


    Brazen Agent Operating Systems Supported

    • Windows

    • Linux

 

Learn more About BrazenCloud’s Features

Learn more about BrazenCloud’s Technology

 

Combine DFIR, Malware Detection and Rootkit Detection with BrazenCloud Runbooks:

Combined Runbook with Forensic Image Capture + Malware Hunting Yara Rules and Rookit scanning.

BrazenCloud Agent Remediation Actions

Automated remediation is achieved with direct access to remote systems and executing remotely on any workload or endpoint.

Your Security Orchestration, Automation, and Response (SOAR) may alert for a specific remediation action to occur, but SOAR systems often lack access to remote systems over complex hybrid networks.

API-to-API integration between your SOAR and BrazenCloud allows you to fully automate remediation actions, in any workload, and report back success or failure of the Action.

 

Leverage simple PowerShell or Python scripts for dynamic remediation actions:

  • List processes

  • Kill a process

  • Grab files

  • Delete Files

  • List network connections

  • Disable networking

  • Change or Update Registry Key

  • Grab memory images

  • Disable User Account

  • Install a patch

  • Reload software from a trusted source

  • Reconfigure a system

Brazen Agent Operating Systems Supported

  • Windows

  • Linux

Seeing is Believing.

 

More BrazenCloud Use Cases

BrazenCloud Solutions - IT and Security Automation
Split Log Ingestion for Scaled SIEM Deployments
Split Log Ingestion for Scaled SIEM Deployments

Today’s large scale SIEM installations sometimes require the ability to load balance, split log ingestion into multiple nodes to deal with the large volumes of logs needing comprehensive analysis. Products like Elastic Stack (ELK), Splunk, Archsight, Graylog and others often require specialized deployments and architectures to overcome scalability challenges.

Read More →
Turn Any Executable into an API
Turn Any Executable into an API

PowerShell, Python, or executable open-source binaries are used extensively to enrich modern web applications and other use cases. These additional developer tasks often require extensive development efforts and consume a large amount of time to build new applications.

Read More →
Take Your Windows Security Data to Elasticsearch
Take Your Windows Security Data to Elasticsearch

BrazenCloud can inject virtually any binaries or scripts into both Windows or Linux Operating Systems to offer deeper monitoring through open source tools.

Read More →
Automated Threat Hunting At Scale
Automated Threat Hunting At Scale

Threats evolve on a continuous basis, as do the workloads and systems they penetrate. In the not-so-distant past, we relied on traditional antivirus and perimeter firewalls to defend us and that was “good enough”. Today, that is no longer works…

Read More →
Managed File Transfer (MFT) for Multi-Cloud
Managed File Transfer (MFT) for Multi-Cloud

Transfer files from anywhere to anywhere.
Manage critical data transfers inside and outside your enterprise securely and easily.

Read More →
Remote Admin Access Anywhere, No VPN
Remote Admin Access Anywhere, No VPN

Achieve direct access to remote systems one at a time or in large groups without VPN and without any network changes or changes to security policy.

Read More →
Operationalize Trusted Open Source Tools
Operationalize Trusted Open Source Tools

Run your favorite best-of-breed software tools on remote systems and containers at enterprise scale with version control and auditing.

Read More →
Rapid Incident Response, and Forensics for Any Workload
Rapid Incident Response, and Forensics for Any Workload

Best practices for Digital Forensics and Incident Response (DFIR) include a collection of artifacts found on devices…

Read More →
Intelligent Asset Discovery Everywhere
Intelligent Asset Discovery Everywhere

Discover your network. You can’t protect or manage what you can’t see. Unknown devices are your biggest risk.

Read More →
Greg Hoglund
Previous

Operationalize Trusted Open Source Tools
Next

Intelligent Asset Discovery Everywhere