Wednesday, April 15, 2009

F-Response 3G is out!

Check out this post over on the F-Response site...Matt's released the latest and greatest 3rd generation F-Response! I've got it and I have to tell you...it's pretty awesome! Check out the new features listed on the page.

The very first, most coolest thing I found about 3.09 was the installation...it was smooth and fast. Put iSCSI on your system, and then run the installer. It's that easy! Getting up and running is fast, too. Once you're ready, launching the F-Response Enterprise Management Console (FEMC) allows you to quickly and easily connect to systems and access physical memory (32-bit Windows), as well as physical disks and logical volumes. And, F-Response isn't just for Windows (including 32- and 64-bit for disks)...you can use it with multiple Linux distros, as well as MacOSX.

If you have any questions at all about how useful F-Response will be in your organization, check out the training videos. Honestly...this is a quick look into how simple yet powerful F-Response is, and you can run through these during lunch, or while you're having a beer after a long day at work.

Folks, F-Response has quite literally changed the face of incident response! Where once was the day that systems would sit compromised until someone could get to them and acquire data, that data can now be acquired and analyzed quickly and efficiently, even from remote locations. This means that not only can consultants carry around an enterprise capability in their pockets, but on-site IT staff can begin staging collected data, even while management is on the phone getting the help they need. Hit with malware that AV doesn't recognize? What's your response time in getting someone on-site now...24 hours? 72? How about if when the issue occurs, you reach out with F-Response EE and grab the contents of RAM from a couple of systems, and when management gets some responders on the line, you already have a RAM dump available for analysis. If you already have a transfer mechanism set up, you could literally have answers WHILE YOU'RE ON THE PHONE, not 72 hrs later!

2 comments:

Anonymous said...

> on-site IT staff can begin staging collected data, even while management is on the phone getting the help they need

are you sure allowing potentially untrained staff to start collecting data is a good idea?

H. Carvey said...

"are you sure allowing potentially untrained staff to start collecting data is a good idea?"

No, not at all...why would you assume that they'd be untrained? You definitely do not want untrained staff doing any sort of response...which is why you'd train them.