You’ve Been Breached. Every Second Counts.
Incident responders are starting their investigation, but attackers are accomplishing their objectives faster than ever. Reduce threat actor dwell time and accelerate the incident response lifecycle with Rapid Assist.
Determine the extent.
Accelerate on-site and remote responders’ forensic investigation with critical network and endpoint data.
Disrupt the threat.
Minimize threat actor dwell time with embedded containment capabilities via host isolation and network communication disruption.
Eliminate all traces.
Illuminate the extent of the incident and eliminate all traces with full network packet capture and endpoint telemetry.
Monitor for Re-entry.
Monitor post incident for threat re-entry to ensure the network and endpoints are not susceptible to new points of attack.
Traditional Incident Response is Not Enough
Rapid Assist augments eSentire partners’ incident responders by collecting network and endpoint data that speeds threat hunting and investigation.
Embedded containment capabilities via host isolation or network communication disruption contain a threat actor earlier in the kill chain while responders perform remediation and network hardening.
Rapid Assist’s full network packet capture and endpoint visibility provide responders with a comprehensive picture of how an attacker gained entry, so all traces and vulnerabilities can be eliminated.
Post remediation, Rapid Assist continues to monitor for threat re-entry, ensuring blind spots are illuminated and your organization is safe from further attack.
Endpoint Activity Capture
Continuously records, centralizes and retains vital endpoint activity including file modifications, cross-process events, registry modifications, file executions, executed binaries and network connections.
Full Network Packet Capture (PCAP)
Provides summary metadata and targeted queries into full PCAP data to confirm or explain an event using forensic analysis techniques.
Captures HTTP traffic and provides a full forensic view, complete with referrer and user agent. It also uses a proprietary Deep Packet Inspection (DPI) engine to detect and capture URLs.
IP Blacklist (AMP)
Uses a proprietary Deep Packet Inspection (DPI) engine to detect traffic from blacklisted IPs.
Data Loss Analysis
Provides outbound file capture (for example, email attachments and files sent over SMTP, cloud storage or FTP) for threat qualification and forensic analysis.
Detects suspicious behavior such as unusual port scans, sequential scans and “spamming” machines.
SSL Decryption and Traffic Disruption
Detects SSL-based malware for profiling and threat signature creation.
Up and running within hours, not days, collecting data critical for on-site or remote incident responders.
Network Tactical Threat Containment
Rule-based detection and mitigation capabilities can automatically “kill” TCP connections in real time or notify SOC analysts. The SOC can also manually “kill” TCP connections on the client’s behalf, preventing a threat actor’s spread.
Endpoint Tactical Threat Containment
SOC analysts can perform host isolation by locking down and isolating compromised endpoints to prevent lateral spread.
24x7 Continuous Monitoring
Analysts will continue to monitor for attacker re-entry related to the successful attack, leveraging details of the forensic investigation as well as previous attackers’ TTPs.
Uses a proprietary DPI engine to stop traffic from IPs located in a specific country, or blocks them based on the country’s domain.
Executable Analysis and Blocking
Provides whitelist-based executable download detection and mitigation. If a file is not in the whitelist, analysts intervene and block the download by killing the connection in real time.
Detects abnormal bandwidth usage when there is a suspected internal threat (exfiltration or otherwise) or a Distributed Denial of Service (DDoS) attack.