The integration will enable the RSA enVision platform to automatically trigger an EnCase Cybersecurity incident response, including exposing, collecting, triaging and remediating data related to threats – essentially taking action on or gathering data about a security event that might otherwise have been inappropriately disregarded.
The interoperability of the two solutions will allow organizations to reduce the time it takes to remediate threats, thus reducing the high cost of response and the risk of exposing sensitive data to loss or theft.
“Industry experts suggest the average cost of responding to a single cyber attack was $5.5 million in 20111. Moreover, the time it takes an enterprise to respond to cyber attacks ranges from days for simple attacks to months for complex targeted attacks. The interoperability between EnCase Cybersecurity and RSA enVision platform will significantly reduce both the cost and the time it takes to respond to a cyber attack, allowing organizations to more effectively defend their networks and digital assets,” said Victor Limongelli, president and chief executive officer, Guidance Software.
EnCase Cybersecurity is endpoint incident response and data auditing software designed to eliminate the time gap between being alerted about a cyber attack and responding to that attack.
The latest version of the software includes a response automation API that gives organizations the ability to integrate the software with security alerting systems. Customers using the API can integrate all of EnCase Cybersecurity’s incident response capabilities into their SIEM environment and automate those functions that are most important to their security processes.
The RSA enVision platform is designed to enable organizations to simplify compliance programs and optimize security-incident management. The solution facilitates the automated collection, analysis, alerting, auditing, reporting, and secure storage of enterprise log and event data. With the RSA enVision solution, incidents can be identified, prioritized, tagged with evidence, and passed along through the organization’s ticketing system.