Remediation with a Remote Workforce

CrowdStrike Tech Center

Introduction

Remote systems can be easy targets for attackers. When these systems are compromised, responders need to work quickly to understand the attack and take action to remediate. The responders need remote system visibility and access since users can’t walk a laptop over to IT. Do responders have the visibility and context they need to understand the threat? Can they access the remote systems to take action? 

Remote Remediation is More Important Than Ever

When a cyber attack is discovered, responders have two urgent goals: to understand the threat and then take action to remediate. Ideally, organizations should strive to isolate or remediate the problem within 1 hour. With only remote access to the system, visibility and quick remediation can be challenging.

Responders need full endpoint activity details and attack visibility to understand each step of the attack. To take action, they may need to contain a system outside the corporate network but still maintain access in order to collect information, kill malicious processes and remove any traces left behind by the attacker. 

Solution

CrowdStrike Falcon® empowers responders with deep endpoint visibility to rapidly investigate incidents and fully understand emerging threats. CrowdStrike Real Time Response (available with Falcon Insight and Falcon Endpoint Protection Pro) gives responders direct system access and the ability to run a wide variety of commands to remediate remote hosts, quickly getting them back to a known good state.

With Real Time Response, responders can easily contain systems – preventing communication to and from the host – and gather information including environment variables, network configuration and files that can be uploaded to the CrowdStrike Cloud. Real Time Response seamlessly interacts with the host, enabling responders to take a number of different actions, including killing a process, removing files or directories, putting a file onto the system and manipulating the Windows registry, using only a few clicks. This powerful tool also enables responders to run custom scripts and executables.

With Real Time Response, responders can dramatically reduce the time needed to respond to attacks – wherever they happen – and get back to business quickly. 

Closing

Get immediate time to value, extend your visibility and protect your organization regardless of physical location. Try CrowdStrike’s Falcon platform for free: https://go.crowdstrike.com/try-falcon-prevent.html

Content Provided by Anne Aarness