Determine the extent.

Accelerate on-site and remote responders’ forensic investigation with critical network and endpoint data.

Disrupt the threat.

Minimize threat actor dwell time with embedded containment capabilities via host isolation and network communication disruption.

Eliminate all traces.

Illuminate the extent of the incident and eliminate all traces with full network packet capture and endpoint telemetry.

Monitor for Re-entry.

Monitor post-incident for threat re-entry to ensure the network and endpoints are not susceptible to new points of attack.

Traditional Incident Response is Not Enough

Rapid Assist augments eSentire partners’ incident responders by collecting network and endpoint data that speeds threat hunting and investigation.

Embedded containment capabilities via host isolation or network communication disruption contain a threat actor earlier in the kill chain while responders perform remediation and network hardening.

Rapid Assist’s full network packet capture and endpoint visibility provide responders with a comprehensive picture of how an attacker gained entry so all traces and vulnerabilities can be eliminated.

Post-remediation, Rapid Assist continues to monitor for threat re-entry, ensuring blind spots are illuminated and your organization is safe from further attack.

Endpoint Activity Capture

Continuously records, centralizes and retains vital endpoint activity including file modifications, cross-process events, registry modifications, file executions, executed binaries and network connections.

Full Network Packet Capture (PCAP)

Summary metadata and targeted queries into full PCAP data to confirm or explain an event with forensic analysis techniques.

URL History

Captures HTTP traffic and provides a full forensic view complete with referrer and user agent. It also uses a proprietary Deep Packet Inspection (DPI) engine to detect and capture URLs.

IP Blacklist (AMP)

Uses a proprietary Deep Packet Inspection (DPI) engine to detect traffic from blacklisted IPs.

Data Loss Analysis

Provides outbound file capture, such as email attachments, for threat qualification and forensic analysis, covering SMTP, cloud storage, FTP transfers, etc.

Packet Analyzer

Detects suspicious behavior such as unusual port scans, sequential scans and “spamming” machines.

SSL Decryption and Traffic Disruption

Detects SSL-based malware for profiling and threat signature creation.

Rapid Deployment

Up and running within hours, not days, collecting data critical for on-site or remote incident responders.

Network Tactical Threat Containment

Rule-based detection and mitigation capabilities can automatically “kill” TCP connections in real time or notify SOC analysts. The SOC can also manually “kill” TCP connections on the client’s behalf, preventing a threat actor’s spread.

Endpoint Tactical Threat Containment

SOC analysts can perform host isolation by locking down and isolating compromised endpoints to prevent lateral spread.

24x7 Continuous Monitoring

Analysts will continue to monitor for attacker re-entry related to the successful attack, leveraging details of the forensic investigation as well as previous attackers’ TTPs.

Country Killer

Optional - Disabled by Default

Uses a proprietary DPI engine to stop traffic from IPs that are located in a specific country, or blocks them based on the country’s domain.

Executable Analysis and Blocking

Optional - Disabled by Default

Provides whitelist-based executable download detection and mitigation. If a file is not in the whitelist, analysts intervene and block the download by killing the connection in real time.

Bandwidth Profiler

Optional - Disabled by Default

Detects abnormal bandwidth usage if there is a suspected internal threat (exfiltration or otherwise) or a Distributed Denial of Service (DDoS) attack.
