New solution scans remote endpoints to identify malicious activity and helps businesses plan next steps
Magnet IGNITE can triage multiple remote endpoints at once to provide digital forensic and incident response teams with an early case assessment that will guide the next steps of their investigations into cyber threats. By quickly gathering intelligence and assessing a potential ransomware attack or an insider’s exfiltration of intellectual property, Magnet IGNITE helps enterprises understand where and when they need to deploy full forensic analyses.
“Our digital forensics and incident response teams have used Magnet IGNITE since its inception to get fast results, across a multitude of systems, that eliminate the need for extraneous deep-dive forensics,” said Ted Joffs, national incident response manager of Fortis by Sentinel Technologies. “In our investigations tied to ransomware activity, Magnet IGNITE has consistently generated results that identify indicators of compromise and threat actor activity within minutes. If we’re recovering data from 100 systems and Magnet IGNITE quickly identifies that only two of them require a full forensic analysis, we’re able to save hours of response time.”
Cybercriminals may only require minutes to successfully carry out a data breach, but security teams require an average of 69 days to contain one, according to IBM and the Ponemon Institute. The longer a team takes to identify and respond to a data breach, the greater the damage will be.
“During testing, we immediately saw the value that Magnet IGNITE brings to data breach investigations,” said Michael Nelson, the managing partner of CYBIR and former president of the Delaware Valley chapter of the High Technology Crime Investigation Association. “Data breaches can happen anywhere in the world and one of the most powerful features of Magnet IGNITE is that it allows us to investigate how they happened, actions the threat actors took and what data was exfiltrated, from any remote location. Our customers need these answers as quickly as possible to minimize business interruption and Magnet IGNITE has enabled us to provide them hours — and sometimes days — earlier.”
Full digital forensic analyses are a staple of post-incident strategies, but they can also take dozens or even hundreds of hours to complete on multiple endpoints. Security teams cannot afford to waste time and resources by running full forensic analyses on multiple endpoints that haven’t been impacted by an attack. Small and medium-sized businesses, meanwhile, often do not have internal digital forensics capabilities or the resources to hire a third party to investigate every potential threat. Both require the means to quickly verify malicious activity and to narrow the focus of their investigations.
“When enterprises suffer cyber attacks, it is imperative that they react both quickly and efficiently to minimize downtime and the monetary and reputational damages that come with it,” said Adam Belsher, chief executive officer at Magnet Forensics. “Magnet IGNITE is a strategic first step for enterprises to turn to in their post-incident plans that can provide a quick and early assessment to pinpoint the systems involved with malicious or insider activity. With this information in hand, security teams can save time and resources by only performing full forensic analyses on impacted endpoints.”
Magnet IGNITE is the first solution to graduate from the Magnet Idea Lab, an incubator made up of a sizeable community of beta testers who help the company develop the next generation of digital forensics technology. Since March 2021, 263 users have tested Magnet IGNITE. The group included professional service providers and Fortune 500 companies in the telecommunications, healthcare and technology sectors.
With Magnet IGNITE, enterprises can:
- Perform rapid and remote triaging of endpoints from anywhere, at any time with the cloud
- Scan internet history, cloud storage, USB connection history, installed apps, memory and other volatile data, and recently accessed files and folders for malicious or insider activity
- Accelerate response to cyber attacks by triaging multiple remote endpoints at once
- Share findings with internal and external stakeholders using an easy-to-use built-in web review tool
- Export findings to Magnet AXIOM Cyber to begin full forensic analysis of endpoints