New life in Evidence Collection and Incident Response: Binalyze AIR Patrol and TimelineIR
Recent research clearly shows that once an APT group finds a vulnerability in your system, it takes them only a few hours to get what they need. Once you detect a security breach, time is no longer on your side: every second you spend trying to figure out what is going on, you continue to lose money and reputation. That is why your analysts should be as fast as possible. Binalyze AIR is here with brand new features that automate the workload and speed up the process. With the Patrol and TimelineIR features that come with the new 1.7.1 version, Binalyze AIR has gone one step further in the global competition. DFIR investigations are now up to a hundred times faster.
Patrol: From the moment the evidence is collected, anomaly detection is performed free of false positives, and proactive, automatic reports are generated. In a work-from-home setup, you need to maintain control of the endpoints, no matter where they are and whichever network they are connected to. Simultaneous, automated evidence search and reporting across thousands of endpoints provides a fast and efficient way to do this.
TimelineIR: By placing all the evidence you have collected on a timeline during the collection phase, TimelineIR also allows many analysts to work on it at the same time. In this way, Binalyze AIR, which has already reduced your evidence collection time to minutes, greatly shortens your evidence analysis time as well.
In the light of the latest developments in the cyber world, you can watch our webinar on this exciting release, in which we put the questions below to the experts on the subject and discussed how KVKK and ISO 27001/ISMS contribute to sustainability.
- What are the contributions of Binalyze AIR to the evidence collection process?
- What are TimelineIR and Patrol?
- What is the importance of TimelineIR and Patrol in terms of KVKK and ISO 27001?
- Can multiple analysts work on the same case simultaneously?
- What is the proactive contribution of the new version to the incident response solution?
- Can systems such as SIEM and SOAR trigger Binalyze AIR?
- Can Binalyze AIR talk to SIEM?
- Where can the collected evidence be recorded?
- What is a passive agent and how much is its resource usage?
- What are the contributions of Binalyze AIR to incident response in a work-from-home setup?
Webinar video: https://youtu.be/vFAWLkMcvfI

Q&A
Q: Where is the evidence collected?
A: Collected evidence is kept locally, but you can create a network storage location and gather all the evidence there.
Q: Isn't the evidence parsed after it has been collected?
A: Since the evidence is parsed while it is being collected, no further parsing is carried out.
Q: AIR can be triggered by the SIEM, but can AIR itself trigger anything?
A: Binalyze AIR not only receives triggers from the SIEM but also talks back to it. After receiving a trigger from the SIEM, Binalyze AIR sends its audit logs to the SIEM via its Syslog integration.
Q: You mentioned Active Directory deployment; are agents deployed to all endpoints directly from within AIR?
A: For endpoint installation, you can deploy agents to endpoints manually, or deploy them to the endpoints you choose via Active Directory. The endpoint agents also support SCCM.
Q: How can the agent's resource usage be so low, given that every other agent uses a certain amount of resources?
A: By using the passive agent method, Binalyze AIR keeps resource usage to a minimum: it does not monitor anything on the endpoints unless you run an evidence collection. In addition, you can cap resource usage from the Binalyze AIR Console to manage it while evidence is being collected.
Q: Doesn't entering Active Directory credentials into AIR create a problem?
A: Binalyze AIR does not require any administrator privileges on Active Directory. To increase endpoint visibility, simply create a user with normal rights in Active Directory.
Q: Is there an integration of the generated reports with case management systems such as TheHive?
A: TheHive report integration will come out of the box in future versions. Since the reports currently produced are in JSON format, manual integration is possible even now.
Q: What exactly is Patrol?
A: Patrol is a module that detects anomalies in the collected evidence free of false positives, providing high visibility during the examination phase.
Q: Can we see the rules inside Patrol and intervene in them?
A: These rules will be published and announced on the cloud in the near future, and you can view them on Binalyze's GitHub account. You will soon be able to add rules of your own over the cloud as well.
Q: Can rules be supplied to Patrol in bulk?
A: In the near future, you will be able to supply a batch of rules as a ZIP file and then apply them to your cases.
Q: Can we try a demo for ourselves?
A: To experience Binalyze AIR for yourself, you can obtain a 1-month license supporting 100 endpoints here.
Q: Scheduled Acquisition is visible, but can a Scheduled Investigation be done as well?
A: Currently, Scheduled Acquisition is in progress, and Scheduled Investigation will be added to TimelineIR in the near future.
Q: How is the security of the product itself ensured; are there regular pentest and code analysis processes?
A: Regular penetration tests and code analysis processes are performed on Binalyze AIR.
Speakers

Moderator: Erdem Eriş, CyberArts, Founder & General Manager

Emre Tınaztepe, Binalyze, Managing Director

Oğuzhan Kanar, CyberArts, Technical Account Manager