New benefits include integration with STIX definitions and bulk import of YARA rules
Guidance Software, makers of EnCase®, the gold standard in forensic security, today announced EnCase® Endpoint Security version 5.12. Named the market leader in endpoint detection and response (EDR) by industry analysts, Guidance has focused this release on new features and streamlined functionality. This improves the efficiency of detecting and responding to cyber threats across a broader range of devices and provides a consistent solution across Mac OS, Windows and Linux systems.
“The sophistication of today’s cyber threats and adversaries continue to increase, as does the number of successful intrusions,” said Ken Basore, senior vice president at Guidance Software. “Coupled with our complete 360-degree visibility, the innovations in EnCase Endpoint Security version 5.12 empower security teams to detect, respond to and neutralize these threats faster and more efficiently across all platforms. Guidance can help our customers ensure an intrusion doesn’t lead to a major cyber incident or breach.”
In Version 5.12, EnCase Endpoint Security focuses on synthesizing workflow for security teams with:
- IoC Search Support for STIX definitions – Structured Threat Information eXpression (STIX) definitions can now be imported globally and used as filtering criteria in any investigation. Customers will be able to root out indicators no matter how well they might be hidden from other technologies, reducing the time it takes to detect and respond security to breaches in their network.
- Support for OS X 10.11 (El Capitan) – Guidance customers can deploy EnCase Endpoint Security agents across the newest OS for Macs. As the adoption of Apple desktops and laptops increase, the ability to detect and respond to threats targeting Apple’s OS becomes even more important.
- Accelerated Malware Analysis – Users can move selected files directly from web reports into a watch folder for a sandbox or malware analysis engine to retrieve and detonate. This greatly accelerates the malware analysis process.
- Improved VirusTotal Support – The VirusTotal workflow is better integrated into the incident response workflows provided by EnCase Endpoint Security. This makes it easier to identify malware incursions by comparing suspect data to an existing database of known threats.
- Bulk Import of YARA Rules – Customers will be able to combine scans against multiple YARA rules into a single search. This helps ensure security operation teams can spend more time analyzing data, and less time pushing workflows.
As part of Guidance Software’s forensic security suite, EnCase Endpoint Security version 5.12 is now available to EnCase Endpoint Security customers through Guidance Software authorized resellers. For more information on pricing, packaging and upgrades, please contact [email protected].