In our last post, Resolution1 Endpoint conquered malware in a *nix environment. In this installment, we explore how Resolution1 Endpoint can help you hunt for attackers across all operating systems. When it comes to hunting, you need the visibility to find what you’re hunting for and then the tools and agility to slay it.
Let’s start with the ability to find what you are hunting for. Unlike other hunting tools, Resolution1 looks at more than just the flat file system. It can look at memory, active processes and system registry. When you are investigating an incident this is a huge advantage. Here at Fidelis we’ve seen a significant increase in malware that doesn’t touch the file system and works entirely in memory. Resolution1 helps you find attackers that hide in memory.
Next, Resolution1 makes it easy for investigators to quickly access the tools required to hunt. An improved user interface streamlines the scanning process and provides easier access to hunting functions. You can also push out jobs to run against systems. Next, the new Taskboard includes a set of customizable job templates that are easily accessible in an organized menu and grouped by tasks. Investigators are able to create custom jobs and save them for future use. For example, when you are hunting for one type of web shell, you can create a template, add the web shell IOCs and run the scan. If a new web shell emerges, it’s easy to edit the existing template and re-run the job.
In many cases, organizations run investigations in an operational environment. In these situations, the ability to execute scans during the evening and weekend off-hours is critical. With Resolution1 Endpoint 5.8, you can run tasks at a scheduled time and make them recurrent if you want. The Job Status tab makes it easy to see the status and retrieve the job results in a filtered view that only shows the results from that specific job. A redesigned Alerts dashboard provides an analytical view of the system alerts and shows statistics related to alert responses and types.
Threat detection and remediation is all about speed. By using custom templates, improving usability and running new jobs immediately, security teams can contain and respond to breaches faster. At the end of the day, the two most important metrics to focus on are: how fast can you detect attackers in your environment and how fast can you find and stop them. Fidelis XPS and Resolution1 Endpoint can help with both.
-Ryan Vela
