Cyber Security Incident Response

 

In their analyses of DLP and user activity management vendors, leading industry experts acknowledge that a non-intrusive activity monitoring tool, while an efficient security control for complicated infrastructures, still needs a strong computer security incident response and handling toolkit to enable quick and efficient response to any dangerous actions.

 

Ekran System remains a monitoring solution and does not interrupt your business processes, but it allows you to quickly detect security incidents, get all the details needed to investigate them, and take adequate action to prevent them, if required.

 

Incident response tools

Ekran System also serves as cyber security incident response software and provides the following features for Windows, Citrix, and Unix / Linux platforms:

 

  • Real-time alerts on events. By setting up configurable alerts on potentially dangerous events, you can detect security incidents in your network in a timely manner. An easy-to-use email notification tool ensures that your security specialists get all details about the events, including complete video episodes for quick analysis.
  • Live session view. After an alert is received, a specialist can access the alerted session remotely, if it is still running, and watch it in real time, like using a security camera inside the selected endpoint. The investigator gets video and all metadata details, such as executed commands, started applications, or typed keystrokes, which appear in real time and are also logged for the previous activity from the beginning of the session.
  • User blocking. If an investigator detects malicious activity when viewing a live session, the investigator can manually block the user. This forcibly logs the user out and prevents the user from logging in again.
  • USB device management. USB devices can become tools for fast and silent security incidents. Ekran System allows you to monitor connections of various USB devices and their groups, send alerts if a restricted device is connected, and finally perform automated blocking of this device if required.

 

Cross-check activities with reports

Because monitoring is continuous, you can be sure that the details of any security incident are recorded in the Ekran System advanced log format. To build the second line of incident response services, you can use the report generation functionality.

 

Ekran System provides:

 

  • Alert report, containing all alerted events for a period of time;
  • USB report, containing all details about the connected USB devices for a period of time;
  • Various summarizing user activity reports.

 

You can configure scheduled generation and sending of these important statistics to your security incident response team to check whether all incidents were detected and responded to.

 

You can cross-check the IT security incident response actions using the internal audit log provided by the Ekran System Management Tool. It includes all actions performed by the system users and your investigators, with corresponding timestamps and affected objects: sessions, users, and monitoring clients.

 

Incident response for SMB and big enterprises

While providing broad user activity tracking and security incident response functionality, Ekran System remains an affordable solution. Its flexible subscription model makes deployments of any size cost-efficient, thus delivering powerful incident response features for SMB and big enterprises.