New Magnet Forensics app automates and coordinates cybersecurity response

A slow response to a data breach or other cybersecurity incident costs businesses time and money and can damage their reputation. To help businesses accelerate their response, Magnet Forensics offers a new application, Magnet Automate Enterprise, designed to trigger security breach investigations automatically and to synchronize incident detection and response tasks across third-party tools.

Magnet Forensics has a proven track record in developing investigative software for processing evidence from computers, mobile devices, IoT devices and cloud services, and has a strong user base among law enforcement and government agencies. The new software is aimed specifically at businesses, letting them retrieve evidence of security incidents from corporate networks and remote endpoints.

The problem that Automate Enterprise aims to solve is the significant delay often seen in response to a cybersecurity incident, caused by the manual handoffs in the process. Hours are lost to, for example, employee shift changes, weekends and public holidays.

EDR, SIEM and forensic tools synchronization

Automate Enterprise is designed to run basic, repetitive manual tasks around the clock without human intervention, integrating with EDR (endpoint detection and response) and SIEM (security information and event management) tools for post-incident processing. The goal is to trigger a response to security incidents automatically, coordinating the acquisition of evidence from multiple devices, computing environments and communication services.

A phishing email that has landed in a corporate mailbox and is waiting for a user to click a link, which would trigger a download from a malicious third party, is a security event that detection and response tools can catch and block. If the attempt is not stopped at that stage, however, and malware lands on a machine and begins encrypting data, it has become a security incident that requires a rapid response.

“Automate’s intuitive user interface will allow analysts to create custom workflows and quickly respond to cybersecurity incidents,” said Adam Belsher, CEO of Magnet Forensics. “Understanding that organizations depend on solutions from multiple vendors, Automate is uniquely designed to seamlessly integrate with our customers’ pre-existing cybersecurity and forensic tools.”

Any application with a command-line component or API can be integrated into a custom workflow in Automate, according to Belsher. Creating and executing a custom workflow with EDR, SIEM, and forensic tools can be done using drag-and-drop functionality, Belsher explains.

Automate lets companies process security-related data simultaneously from computers, mobile phones, cloud environments such as Amazon Web Services and Microsoft Azure, and communication services such as Microsoft Teams and Slack.

Incident Investigation Workflow Automation

Automate coordinates security breach investigations and responses through what Magnet calls watch folders. A watch folder ingests system images from any acquisition tool, even one without a command-line interface, including GrayKey, F-Response and the Tableau TX1 Forensic Imager.

Through the visual workflow builder, users point a watch folder at a file or network path where the acquisition tool will save its images. Triage features let users scan only defined areas of a disk, which shortens scan times. Watch folders are also used to set up automated workflows that chain scans, triggers and alerts from the various security applications in an organization's toolset.
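The watch-folder pattern described above, as an added example (it is not Magnet's code and is not tied to any of the acquisition tools named): a Python poller that checks a directory for new disk images, refuses to touch an image the acquisition tool is still writing, verifies the image against a hash sidecar before doing anything with it, and then builds the command line for a CLI triage job limited to a few high-value targets. The sidecar convention (`<image>.sha256` in `sha256sum` format), the `triage-tool` name and its flags, and the sample images are assumptions constructed for the example.

```python
"""Watch-folder dispatcher: poll a directory for finished disk images,
verify each image against its hash sidecar, and hand it to a triage tool.
Constructed example; it is not Magnet Automate's implementation."""
import hashlib
import json
import tempfile
import time
from pathlib import Path

# File types the watcher treats as disk images (assumption for the example).
IMAGE_SUFFIXES = {".e01", ".dd", ".raw", ".img"}


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so multi-GB images fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sidecar_for(image: Path) -> Path:
    """host01.dd -> host01.dd.sha256 (sha256sum-style; hypothetical convention)."""
    return image.with_name(image.name + ".sha256")


def is_complete(image: Path, settle_seconds: float) -> bool:
    """An acquisition still in progress must not be processed. The image is
    treated as finished only when the hash sidecar exists and the image size
    is unchanged across a short settle window."""
    if not sidecar_for(image).exists():
        return False
    size_before = image.stat().st_size
    time.sleep(settle_seconds)
    return image.stat().st_size == size_before


def verify(image: Path) -> bool:
    """Compare the image's SHA-256 with the first token of the sidecar."""
    expected = sidecar_for(image).read_text().split()[0].strip().lower()
    return sha256_of(image) == expected


def build_triage_job(image: Path) -> list:
    """Command line for a hypothetical CLI triage tool, restricted to a few
    high-value targets rather than the whole disk. A real deployment would
    pass this to subprocess.run() and record the returned job ID."""
    return ["triage-tool", "--image", str(image),
            "--targets", "mft,registry,eventlogs"]


def scan_once(watch_dir: Path, state_file: Path, settle_seconds: float = 0.0) -> list:
    """One poll of the watch folder. Returns the image names dispatched this
    pass. Processed and rejected images are recorded in state_file so the
    same image is never dispatched twice across polls."""
    state = json.loads(state_file.read_text()) if state_file.exists() else {}
    dispatched = []
    for path in sorted(watch_dir.iterdir()):
        if path.suffix.lower() not in IMAGE_SUFFIXES or path.name in state:
            continue
        if not is_complete(path, settle_seconds):
            continue  # still being written or no hash yet: retry next poll
        if not verify(path):
            state[path.name] = {"status": "hash_mismatch", "ts": time.time()}
            continue  # corrupt or tampered image: alert, do not analyze
        state[path.name] = {"status": "dispatched",
                            "job": build_triage_job(path), "ts": time.time()}
        dispatched.append(path.name)
    state_file.write_text(json.dumps(state, indent=2))
    return dispatched


def demo() -> dict:
    """Three polls over a constructed watch folder: one finished image, one
    still being acquired (no sidecar yet), one whose hash does not match."""
    with tempfile.TemporaryDirectory() as tmp:
        watch = Path(tmp)
        state_file = watch / ".watcher-state.json"  # .json is not an image suffix

        good = watch / "host01.dd"
        good.write_bytes(b"\x00" * 4096)
        sidecar_for(good).write_text(f"{sha256_of(good)}  {good.name}\n")

        in_progress = watch / "host02.dd"
        in_progress.write_bytes(b"\x00" * 1024)  # no sidecar: still acquiring

        bad = watch / "host03.dd"
        bad.write_bytes(b"\x00" * 2048)
        sidecar_for(bad).write_text("00" * 32 + f"  {bad.name}\n")  # wrong digest

        first = scan_once(watch, state_file)   # host01 only
        second = scan_once(watch, state_file)  # nothing new yet
        sidecar_for(in_progress).write_text(
            f"{sha256_of(in_progress)}  {in_progress.name}\n")
        third = scan_once(watch, state_file)   # host02 is now complete
        return {"first": first, "second": second, "third": third,
                "state": json.loads(state_file.read_text())}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The two checks that matter in practice are the ones a naive directory watcher skips: waiting until the acquisition tool has finished writing (otherwise the triage run sees a truncated image), and verifying the hash before analysis so that a corrupted or tampered image is flagged rather than silently producing bad findings. Persisting the per-image state is what keeps a pipeline that runs unattended across shift changes from dispatching the same image twice.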

“Traditionally, a workflow involved SIEM tools alerting security teams to a potential threat, a triage scan initiated to identify affected endpoints, and a digital forensic scan performed to investigate damage. Between each step, there would be a manual transfer which would delay the response time,” explains Belsher.

Help in an increasingly complex environment

There are many use cases for Automate as enterprises increasingly adopt complex and multi-faceted digital infrastructures, making them vulnerable to attacks and incidents. Faster response and recovery systems would be high on the priority list as organizations seek to contain the damage from these attacks.

“Automate claims to dramatically accelerate the multifaceted workflow associated with cybersecurity incident response,” says Gary McAlum, principal analyst at TAG Cyber. “There are already a lot of players in this market, but the opportunity for this particular company will be how it differentiates itself from other solutions.”

A detailed benchmarking of the product would cover its scope (the number of forensic items it handles) and its scalability, according to McAlum.

“Can their solution cover large-scale events, especially in large, heterogeneous IT environments where data and systems can be distributed across traditional on-premises and cloud environments? Many tools work well in localized environments, but quickly bog down in large, complex computing situations,” adds McAlum.

Copyright © 2022 IDG Communications, Inc.
