NetSecurity Corporation Explains Why Endpoint Detection and Response (EDR) Platforms Are Not Sufficient for Computer Forensics Investigation

NetSecurity^® Corporation, a leader in endpoint threat protection, vulnerability detection, and computer forensics investigations, announced today that traditional Endpoint Threat Detection and Response (EDR) platform and “collector scripts,” are inadequate to quickly and thoroughly conduct remote forensics investigation and incident response that can withstand legal scrutiny.

NetSecurity’s ThreatResponder® Platform is an all-in-one cloud-native and machine learning powered endpoint threat detection, prevention, response, analytics, intelligence, hunting, and forensics product. Unlike traditional endpoint threat detection and response (EDR) products, ThreatResponder is designed with Swiss-Army-Knife concept by combining multiple cybersecurity capabilities into a single platform delivered in a single-pane of glass to better protect digital assets against attacks.

When there is a data breach, insider threat, or a cyber attack, organizations often struggle to identify the right skills, tools or product to use for the investigation and often resort to open source scripts, freeware, collector scripts, or traditional EDR. These technologies do not scale and are not capable of conducting forensics at scale and timely. NetSecurity recognized this problem and developed ThreatResponder to help organizations conduct remote forensics investigation, eliminating travel costs and delays.

“Today’s adversaries remain relentless and highly sophisticated, often leveraging attack techniques or exploiting vulnerabilities that are largely unknown to defenders. A technology that can drill deep and tell the full story (of the who, what, when, where, why, and how) relating to attack or breach is imperative,” said Inno Eroraha, founder and chief strategist of NetSecurity. “ThreatResponder allows digital forensic investigators to conduct forensic investigations of thousands of computer systems wherever they may be located within hours instead of weeks or months.”

EDRs and collector scripts are ill-fitted for forensics investigation and incident response because they collect and analyze evidence superficially. Below are some of the reasons why ThreatResponder Platform is better suited for conducting remote forensic investigations and incident response than traditional EDRs or collector scripts:

1. With ThreatResponder, you can investigate endpoints that are online, cloud-based, on-premises, offline, dead (such as external hard drive or virtual hard drive)
2. With ThreatResponder, you can automatically contain or isolate endpoints as part of the agent deployment to avoid lateral movement  and risk the compromised system infecting other endpoints. This avoids having to shut down a system or having the hard drives shipped out for forensics examination
3. If you have indicators of compromise (IoCs)—such as file names, path, hashes, ports, IP addresses, usernames, and email addresses—you can quickly create a watch list and detect any hits
4. ThreatResponder is an endpoint threat protection, vulnerability detection, and forensic investigation. It provides you capabilities including EDR, vulnerability detection, threat hunting, forensics, and remediation.
5. ThreatResponder can show who or what machine is stealing or exfiltrating data and how much data was taken, when, by whom, and were it was sent
6. ThreatResponder also allows the investigator to remotely remediate threats in the endpoints
7. Leveraging multi-tenancy construct, you conduct multiple investigations for many customers at scale
8. ThreatResponder gives you situational awareness and a view of the vulnerability landscape and threat vectors
9. By using ThreatResponder, you complete your investigation as much as three (3) times faster than usual and cost-effectively

ThreatResponder is an all-in-one cloud-native and AI-powered endpoint security innovation laden with capabilities including threat detection, prevention, response, analytics, hunting, intelligence, forensics, and vulnerability detection. With only a lightweight agent and one single pane of glass, you can predict, neutralize, and forensically-investigate suspicious activities in your endpoints, cloud workloads, and data.

ThreatResponder FORENSICS: A standalone software for conducting legally-defensible (remote) forensics investigation of endpoints regardless of where the endpoints are located on the planet with or without an Internet connection. This module is offered FREE to the general public for non-commercial use.