Mobile Endpoint Detection & Response

A modern mobile Endpoint Detection and Response (EDR) solution designed to enable automated Incident Response (IR) within minutes. This dramatically reduces IR expenditure and gives internal IT stakeholders advanced cyber security expertise and IR capabilities without the need to contract a specialist third-party IR provider.

For more information about Mobile Endpoint Detection & Response, call our security consultants at +31 (0) 345 506 105 or send an email to info@isoc24.com

A solution that exhibits wide-ranging features and delivers the following benefits:

  • Detection of attacks ranging from script kiddies to APTs.
  • Reduction of DFIR time from 6+ months per device to minutes per device.
  • Seamless and effective advanced DFIR investigations for devices.
  • Possibility to scale and to cover thousands of devices – proven deployments with tens of thousands of devices in one environment.

In short: a solution that helps to detect attackers' mistakes, burn attackers' exploits and persistence mechanisms, and increase the cost for attackers to execute their campaigns.

An agentless Mobile EDR solution that requires minimal deployment effort and automates Digital Forensics and Incident Response (DFIR), without the need to jailbreak iOS devices, with the objective of providing advanced DFIR capabilities in near real time and at scale for both Android and iOS.

By using this solution you can enable Security Operations Centre (SOC), Incident Response, and IT teams to extract crash and dump logs from devices and automatically analyze operating system and application crashes, performing memory integrity and system checks coupled with in-depth device diagnostics.

It offers market-leading capabilities in identifying advanced cyber security threats targeting mobile devices and helps to reduce digital forensics investigation time from months to minutes.

Extracting crashes and device logs from both iOS and Android devices can be done in multiple ways:

  • A computer with automated software to collect logs (no UI).
  • A computer with automated software to collect logs (with UI).
  • Kiosk at designated locations (Executive floor, SOC, CERT, etc).
  • Portable IOT collector provided to SOC / CERT / Executives.

Three deployment options are possible:

  • Vendor Cloud - preferred option.
  • Customer Cloud - vendor will not have visibility to any of the comments / tags / names of devices. The anonymized analysis will be done on the vendor infrastructure.
  • On-premises offline / air-gapped networks - full image provided with offline support for air-gapped networks.

SOC and Incident Response use-cases and examples

  • Advanced Persistent Threat (APT) detection & Mobile Threat Hunting - discover APTs through their initial exploitation attempts, lateral movement and malware persistence phases; mobile threat hunting capabilities not available in any other way.
  • Pre and post travel inspection for mobile devices - perform Pre & Post Travel checks for executives and VIPs that have access to sensitive data.
  • Instant Risk & Compromise assessment - at-scale / on-demand frequent device analysis by collecting device logs automatically via PC/Mac (with or without UI).
  • SOC Analysts - Empower SOC analysts to gain advanced DFIR insights.
  • Incident response automation - near real-time, in-depth automated analysis of devices following a suspected device tampering or a security incident.
  • Remediation automation - Automated remediation of compromised devices by adding to a special group in MDM.
  • Organisation-wide disinfection - remove threat actors from all affected devices in your organisation; detect cyber espionage campaigns.

Digital Forensics & Incident Response (DFIR) for Mobile Devices is oftentimes benchmarked against Mobile Threat Defense (MTD), Enterprise Mobile Management (EMM), and Lawful Interception Forensics solutions.

Compared to MTD & EMM solutions, Mobile Forensics solutions provide advanced DFIR capabilities in near real-time, enabling analysis up to Tier-3 level on iOS and Android devices. DFIR for Mobile Devices empowers analysts and researchers to perform Root Cause Analysis (RCA) followed by an organization-wide disinfection seamlessly and without the need for extensive DFIR expertise.

iSOC24 carries the Mobile Forensics and Incident Response solution of ZecOps in its portfolio. ZecOps is the only MTD solution that provides the capability to extract, deliver, and analyze mobile device logs for signs of compromise or malicious activity.

If you would like to learn more please contact one of our specialists to hear about the advantages of Mobile Forensics and Incident Response within your organization.