AD Enterprise: Perform end-to-end post-breach forensic investigations within a single tool
AccessData Group, a leading provider of integrated digital forensics and e-discovery software, released AD Enterprise 7.1, a new version of its software for managing internal forensic investigations and post-breach analysis that contains first-to-market integration with cybersecurity platforms to automate the early stages of data collection.
“When your company’s data has been breached, it is critical to maximize the speed of your incident response and conduct rapid preservation of electronic evidence, all while minimizing the impact on business operations,” said Tod Ewasko, vice president of technical engineering at AccessData. “The new version of AD Enterprise automates the previously time-intensive manual process of launching the investigative workflow. This is the first forensic investigation management software product to offer an API that integrates seamlessly with a company’s cybersecurity platform of choice to kick off a post-breach investigation from the first moments after an intrusion has been detected.”
The API, which is available as an add-on option, enables a secure connection between a client’s cyber platform (e.g., Demisto, Phantom, etc.) and AD Enterprise. If the cybersecurity software detects an attack, it sends an alert that is received by AD Enterprise, which initiates a collection job at a designated endpoint. This saves precious time in the initial stages of the incident response by preserving data relating to the root cause of the breach.
“The new AccessData release contains a critical API option that will allow our team to integrate our SIEM platform with our forensic platform,” said Scott Sattler, forensic consultant from SecureLabs.net. “This capability enables us to perform automated response to events detected with SIEM platforms, such as Arcsight or Splunk. This feature will save about 40 minutes of analyst time per incident. The API integration with our SIEM is an important force-multiplier for our existing staff by leveraging the power of automation.”
Other new features built into AD Enterprise 7.1 include parsing support for APFS (Apple File System), added encryption support for Dell Data Centric and Full Disk Encryption, Python scripting enhancements and nine new parsers for mobile data analysis.
“AD Enterprise is the only solution in the marketplace that can perform comprehensive end-to-end post-breach forensic investigations within a single tool by collecting all sorts of complex data types directly at the endpoint, performing memory analysis and executing targeted collections on any file attribute,” said Ewasko.