How You Respond Can Mean Everything
The last thing your organization needs after an incident occurs is to contaminate
the evidence. You not only need proper procedures for what to do following an incident,
you need the proper tools. P2 Enterprise gives you two options when it comes to tools.
P2 Enterprise resides on your network and can not only alert you to an incident
with its proactive features, it can allow you to immediately respond to an incident
with proper forensic care. P2 Shuttle Pro is your second option. This version
can be carried into a network on a laptop with a mass storage device for collecting
evidence, allowing you to respond to an incident wherever it occurs.
Do your Incident Response policies put your evidence at risk?
There are many aspects to Incident Response. Being made aware of an incident is the most important step. Whether you utilize P2 Enterprise's features to detect a problem or you implement other procedures to alert you to problems, the next most important step is preserving your evidence. Too many IT security professionals contaminate potential evidence in their attempt to determine what happened. Another common mistake is withholding evidence from Law Enforcement. There are situations where you are required to notify Law Enforcement of an incident. There are also situations where it is in your best interest to notify them if you want to pursue criminal charges. Some experts suggest you hold back in contacting Law Enforcement for fear of having vital components of your network taken down for an investigation. If you have a network forensic tool as part of your Incident Response, you don't need to worry about this because you'll easily collect forensic-grade evidence from the machines in question without taking them offline for even a minute.
P2 Enterprise
Proactive Incident Response
With P2 Enterprise, you can be proactive in your incident response. By utilizing the many proactive features such as file tracking, illicit image detection, chat monitoring, and more, you can be ready at a moment's notice (or a feature's notice as the case may be) to respond to any incident on your network.
Immediate Response
Because P2 Enterprise resides on your network with covert agents in place, you can start gathering forensic evidence as soon as you become aware of a situation. Combine this with the monitoring features and not only can your response be as fast as the push of a button, but evidence is also much less likely to be destroyed.
Beyond Incident Response
Gathering evidence with a bit-stream forensic image is only the beginning. Advanced forensic analysis will tell the real story. By using solutions such as image mounting using P2 eXplorer and automated forensic analysis of e-mail, network e-mail, chat logs, registry files, and over 220 common file formats, you can complete a thorough forensic examination of whatever data may be pertinent to an incident.
P2 Shuttle Pro Drive Acquisitions
Portable Response - Consultants
P2 Shuttle Pro was designed to be deployed quickly and easily to any location. With a laptop and a mass storage device for evidence collection, you can respond to any incident without invasive and costly interruptions to your network. In one case, a consultant using P2 Shuttle Pro saved thousands of dollars in travel and man-hours by deploying P2 Shuttle Pro with a team of two rather than the team of seven that the job would normally have required. They passed these savings on to their client, who subsequently started funneling all consulting jobs their way.
Portable Response - Network Security/Investigators
If your organization has its own security/internal investigations team, P2 Shuttle Pro can save you thousands of dollars every year by eliminating travel to the site of an incident and by collecting evidence quickly. With the ability to push out the agent to any computer on your network at the first sign of an incident, you will be able to perform an acquisition and analysis without the end user knowing it and without the need to travel to the location of the incident.