at Your Fingertips
Gathering forensics after a system compromise is ugly, unglamorous work that is also absolutely vital.
Forensics tell you what happened, when it happened,
and who was involved.
Instant high level forensic analysis. With enSilo, forensics are different, this is because our comprehensive endpoint security platform stops malware. The threat is rendered inert and a single alert with detailed and contextual enrichment data is sent to the security team. Automatically.
This means your staff can conduct a forensics review and complete their remediation tasks knowing that your data is safe, and that they have time to complete a thorough investigation.
One Alert Per Real Threat
When enSilo stops a threat it sends an alert. There are no false-positives, no questionable detection wild-goose chases to burden your incident response team with. With enSilo you know that it caught someone red-handed and it instantly provides you a full summary of what happened with all of the forensic detail you could hope for.
When you receive an alert from enSilo you get:
- The process that was stopped from communicating or encrypting
- The endpoint that was infected
- Path to execution
- Shows code/script involvednt
- Grab memory from the endpoint
- The process of the executable causing the problem
- Destination IP it was trying to communicate with
- Time of event
- The policy context that caused enSilo to block the event
The Forensics Tab
By selecting the forensics tab in enSilo, you get a simple to use, visual breakdown of the activity that led to enSilo blocking an action.
enSilo allows you to drill down into each part of the event, so you can see the full context of each step of the attack, with fully enriched data on processes, decisions, and actions.
You’ve Got Plenty Of Time
enSilo stops malware from communicating or making unauthorized file modifications. We block the attack in real-time so your security team has all the time they need to concentrate on gathering forensic data and conduct remediation tasks.
Your security staff can see the full context of the attack, and even retrieve device memory.