Guidance Software Inc. (NASDAQ:GUID), the World Leader in Digital Investigations™, announced today that its EnCase® Cybersecurity product has demonstrated interoperability with HP ArcSight Enterprise Security Manager (ESM) and has received HP ArcSight Action Connector Certification.
The interoperability of EnCase Cybersecurity with HP ArcSight is the first-of-its-kind to automate incident response between event prioritization and time-sensitive response actions. This interoperability can reduce cyber attack response and remediation time to a matter of minutes or hours, from days or weeks.
“Cyber incidents are costing enterprises millions of dollars, countless staff hours and incalculable reputational damage,” said Alex Andrianopoulos, Guidance Software Vice President of Marketing. “The spike in cyber incident volumes has intensified the need for rapid and comprehensive capture, review and analysis of endpoint data at the moment of a security alert. We were pleased to work with HP on delivering technology that gives IT security teams what they need for the fastest possible response to incidents at every threat level.”
The interoperability of EnCase Cybersecurity with HP ArcSight ESM enables the automation of four areas of incident response.First is i mmediate forensic auto-capture of live system memory in order to validate detected threats and capture host-based threat data that would otherwise be lost. Second is capturing Internet history, artifacts and cache files in response to events leveraging browser-based vulnerabilities, data exfiltration through file-sharing services, or in response to inappropriate browsing alerts. Third is that IT security teams can now instantly prioritize response, giving them the ability to better manage the thousands of alerts that occur daily and maximize their impact. Incident response automation provides information on an attack in minutes, allowing security teams to scan for attacks on sensitive or controlled information and make those the top priority. Finally, security teams can conduct forensic audits against white- or blacklists in order to expose unknown processes and files, or to scan for exact and similar matches to previously detected threats. “Organizations are spending an increasing amount of time with limited resources responding to, and recovering from, cyber attacks,” said Buck Watia, Director, Business Development, Enterprise Security Products, HP. “The interoperability of HP ArcSight ESM with EnCase Cybersecurity provides customers with critical visibility into the state of potentially affected hosts at the time an attack is detected, along with the means to dramatically reduce the time it takes to resolve.”