2. Slide 2 (Saturday, May 17, 2014)
• Many alerts every day, even after advanced aggregation and correlation.
• Investigating a server or workstation is not always possible, for lack of physical access, tools, time or knowledge.
• Merely starting an investigation may take hours or even days, long after the initial alert was triggered.
• Relevant evidence is hard to collect and analyze.
3.
• Start an investigation for every single alert within seconds.
• Get to every host in the network regardless of physical location.
• Collect and analyze relevant evidence.
• Get actionable and refined data from the investigated host ASAP.
4.
• Automatically deploy (and remove) ECAT agents across the network.
• Automatically scan hosts with multiple scan configurations.
• Automatically collect scan results from ECAT with full analysis data.
• Automatically react to the presence of a suspicious module.
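The automation loop on the last slide ends with "react to the presence of a suspicious module". The Python below is an added example, not code from the deck and not ECAT's own API: it parses a constructed scan-result document (the JSON layout, the 0..1024 score with a 512 cut-off, the known-good hash list and the user-writable-path heuristic are all assumptions made here), turns every module into an ignore/collect/isolate decision, and escalates a collect-only finding to isolate when the same unsigned, unknown hash turns up on more than one host.

```python
import json
from collections import defaultdict
from dataclasses import dataclass

SCORE_ALERT = 512  # assumed cut-off on a 0..1024 suspicion score; not an ECAT constant

# Constructed allowlist: hashes of modules already vetted (dummy values).
KNOWN_GOOD_SHA256 = {"a" * 64, "b" * 64}

# Path fragments (lower-case) that mark a user-writable location; an assumed heuristic.
USER_WRITABLE_MARKERS = ("\\temp\\", "\\appdata\\", "\\downloads\\", "\\programdata\\")


@dataclass(frozen=True)
class Module:
    host: str
    name: str
    path: str
    sha256: str
    signed: bool
    score: int


@dataclass(frozen=True)
class Action:
    host: str
    sha256: str
    action: str  # "ignore", "collect" (pull file + analysis data) or "isolate" (contain the host)
    reason: str


def parse_scan(json_text: str) -> list:
    """Parse a scan-result document of the assumed shape into Module records."""
    doc = json.loads(json_text)
    modules = []
    for host in doc["hosts"]:
        for m in host["modules"]:
            modules.append(Module(host["name"], m["name"], m["path"],
                                  m["sha256"].lower(), bool(m["signed"]), int(m["score"])))
    return modules


def classify(m: Module) -> tuple:
    """Per-module decision: known-good first, then score, then signing and load location."""
    if m.sha256 in KNOWN_GOOD_SHA256:
        return "ignore", "hash is on the known-good list"
    in_user_dir = any(marker in m.path.lower() for marker in USER_WRITABLE_MARKERS)
    if m.score >= SCORE_ALERT and not m.signed:
        return "isolate", f"unsigned module scored {m.score}"
    if m.score >= SCORE_ALERT:
        return "collect", f"signed module scored {m.score}; verify the signer"
    if not m.signed and in_user_dir:
        return "collect", "unsigned module loaded from a user-writable path"
    return "ignore", "below threshold"


def plan_actions(modules) -> list:
    """Decide per module, then look across hosts: an unsigned, unknown hash that is
    only 'collect' on one host becomes 'isolate' everywhere once it is seen spreading."""
    decided = [(m, *classify(m)) for m in modules]
    hosts_by_hash = defaultdict(set)
    for m, action, _ in decided:
        if action != "ignore":
            hosts_by_hash[m.sha256].add(m.host)
    result = []
    for m, action, reason in decided:
        n = len(hosts_by_hash[m.sha256])
        if action == "collect" and not m.signed and n > 1:
            action, reason = "isolate", f"{reason}; same unsigned hash on {n} hosts"
        result.append(Action(m.host, m.sha256, action, reason))
    return result


# Constructed sample scan: three hosts, five loaded modules, fake hashes.
SAMPLE_SCAN = {"hosts": [
    {"name": "ws01", "modules": [
        {"name": "svchost.exe", "path": "C:\\Windows\\System32\\svchost.exe",
         "sha256": "a" * 64, "signed": True, "score": 10},
        {"name": "updater.exe", "path": "C:\\Users\\bob\\AppData\\Local\\Temp\\updater.exe",
         "sha256": "c" * 64, "signed": False, "score": 300}]},
    {"name": "ws02", "modules": [
        {"name": "updater.exe", "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe",
         "sha256": "c" * 64, "signed": False, "score": 280}]},
    {"name": "srv03", "modules": [
        {"name": "helper.dll", "path": "C:\\ProgramData\\Acme\\helper.dll",
         "sha256": "d" * 64, "signed": False, "score": 800},
        {"name": "vendor.dll", "path": "C:\\Program Files\\Vendor\\vendor.dll",
         "sha256": "e" * 64, "signed": True, "score": 600}]},
]}


def run_sample() -> list:
    """Run the full pipeline over the constructed sample and return the planned actions."""
    return plan_actions(parse_scan(json.dumps(SAMPLE_SCAN)))


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.host:6} {a.action:8} {a.sha256[:12]}  {a.reason}")
```

The per-host rules are deliberately conservative about signed modules (a high score on a signed file only triggers collection, never containment, because a signature check is cheap and a wrong isolate on a server is not), while the cross-host pass is what turns "collect from every host" into an actual reaction: one unsigned binary in two users' Temp directories is a different situation from one.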