How Real Time Response Empowers Incident Response
In order to reduce time to respond to emerging threats, responders need deep visibility into the current state of any systems in the enterprise in real time, and powerful capability to remediate a confirmed threat instantly.
Real Time Response is a feature of CrowdStrike Falcon Insight. It empowers incident responders with deep access to systems across the distributed enterprise. It provides the enhanced visibility necessary to fully understand emerging threats and the power to directly remediate. This helps to dramatically reduce the time needed to respond to attacks and the likelihood of an attack becoming a costly breach. It does all this with zero impact on performance while leveraging existing sensors and cloud infrastructure.
Real Time Response It offers customers a set of built-in commands to execute against systems during a security investigation. The commands fall into two key categories:
Information collectors: These are used while investigating a threat in order to build a complete understanding of the risk and scope. These commands help responders to understand quicker. Examples include:
- Explore the file system and extract files
- List running processes
- Extract Windows event log
- Query Windows registry
- List current network connections and network configuration
- Extract process memory
Remediation actions: These are used to take an action on a system, to contain or remediate a threat. These commands help responders to act decisively. Examples include:
- Delete a file
- Kill a process
- Delete or modify Windows registry key or value
By leveraging the existing Falcon sensor, cloud and console, CrowdStrike is able to deliver Real Time Response capabilities to systems anywhere in the world, with zero incremental cost in terms of performance or infrastructure.