Cyber Black Box™ - recover from hacking attacks faster and better
If you’ve been hacked, an effective investigation and clean-up is essential. Cyber Black Box™ assists investigators do their job better with forensic data and logs, helping prevent repeat incidents and keeping remediation costs low.
Just as the flight recorder “black box” helps aviation investigators, the Cyber Black Box assists digital forensics investigators in piecing together the events leading up to a cyber incident.
A faster and more accurate resolution means better business outcomes – faster remediation, fewer repeat attacks, and even smoother cyber insurance claims.
Cyber Black Box™
- After a hacking incident, investigations can be difficult or inconclusive without the right evidence.
- Forensic evidence is often unavailable because it was intentionally deleted or never captured in the first place.
- If the root vulnerability goes unidentified, it can be exploited again, resulting in repeat hacks.
- Delays in the investigation can hold up cyber insurance claims.
Cyber Black Box™
- Investigations are faster and more accurate because a wide range of forensic information is captured by the black box.
- Evidence is further replicated to the system backups, and shielded from attack by CryptoSafeGuard.
- Helps investigators identify the root vulnerability so it can be remediated, helping prevent future attacks.
- All aspects of the recovery are made smoother.
What's in it for you ?
Now that hacking and ransomware are primary threat to business operations, everyone must prepare for the unexpected.
Prepare for the unexpected.
In order to determine the cause of a disaster, forensic data must be available to investigators. Such data must be collected prior to the disaster – otherwise it’s too late.
Cyber Black Box collects forensics data pre-emptively, meaning you’re effectively prepared for the unexpected.
Helps complete investigations faster
Less chance of repeat incidents
Assists with the cyber- insurance process
How is Cyber Black Box™ different ?
It requires no maintenance.
transparent
How does Cyber Black Box™ WORK ?
How can I get it ?
Cyber Black Box is included in our product suite:
Frequently Asked Questions
Why put the forensic logs in the backups?
Because backups are the perfect place to put them!
When forensic investigators try to piece together a timeline of events, they need to see how system activities change over time. That means understanding historic activities, such as network connections, registry and disk activity and setup.
But by the time an investigator is called to deal with an incident, it’s already too late – the investigator might be able to get the current state of the machine, but not what happened in the past. Further, most likely the hacker has already wiped the evidence.
What investigators need the most is a historical record of key pieces of information – just like a black box flight recorder does on airplanes. Backups are designed to keep old versions of data, even if the current version is destroyed.
Recording and putting the information in the backups will:
- Enable easy retrieval of historic forensic information that goes back days, weeks and months
- Preserve the forensic information even if the current system is hacked into and disabled.
What information is recorded?
- Basic system and software version info
- Detailed system info via WMI (including storage, features, hotfixes, drivers)
- Disks and volumes – critical volumes, partitions information
- Network connections and activity – current connections, port listeners, routing table, network statistics
- Process list
- Volume Shadow Storage details – providers, snapshots, volumes, writers and writer states.
Why aren’t other backup vendors doing this?
Simply, we’re the best. 🙂
But more seriously, our mission is to safeguard our clients’ future though cyber-resilience. That means solving your business problems, not just your technology problems.
If you get hacked and suffer losses, that’s a business problem. BackupAssist solves this in two ways:
- giving you system recovery options to get running again, and
- capturing forensic information to assist you when lodging a cyber insurance claim,
And of course, providing these features at a compelling price point.
The Cyber Black Box is another great example of how we’ve been at the forefront of backup and disaster recovery technology for the SME market.
Why do I require a BackupCare Subscription to use this feature?
BackupAssist Classic is sold under a modular pricing model, which means you can purchase exactly what’s right for you.
- Backup & Recovery only – purchase a BackupAssist Classic license.
- Backup & Recovery with Cyber-Resilience – simply add a BackupCare subscription on top of your license.
BackupCare provides you with ongoing cyber-resilience features such as Cyber Black Box and CryptoSafeGuard. As the cyber landscape is constantly changing, the BackupCare subscription enables you to stay up to date.