The previously time-intensive manual process of launching an investigation has been sped up by an API that integrates with cybersecurity platforms. When an intrusion is detected, network data collection is triggered automatically, which maximizes response speed and immediately preserves evidence that could have been lost had the collection been delayed.
AccessData says that its new API will be available for a single perpetual license fee for use with an unlimited number of software tools.
Here is an excerpt from a press release published in Forensics Focus:
Here is how it works: The API enables a secure connection between a client’s cyber platform (e.g., Demisto, Phantom, etc.) and any compatible AccessData product, such as AD Lab or AD Enterprise. If the cybersecurity software detects an attack, it sends an alert that is received by the AccessData software, which initiates a collection job at a designated endpoint. This saves precious time in the initial stages of the incident response by preserving data relating to the root cause of the breach.
“The new AccessData release contains a critical API option that will allow our team to integrate our SIEM platform with our forensic platform,” said Scott Sattler, forensic consultant from SecureLabs.net. “This capability enables us to perform automated response to events detected with SIEM platforms, such as Arcsight or Splunk. This feature will save about 40 minutes of analyst time per incident. The API integration with our SIEM is an important force-multiplier for our existing staff by leveraging the power of automation.”
In addition to its integration with cybersecurity platforms, the new API also integrates with case management systems, e-discovery applications and other third-party software tools that are connected to the digital investigations workflow. This integration speeds up the investigation and also reduces the risk and expense of passing data between platforms.