In today's fast-paced digital landscape, as businesses of all sizes are moving to the cloud, cloud security becomes a top priority for organizations worldwide. With the ever-evolving threats and sophisticated cyber-attacks, it is crucial to have both robust measures in place to protect the crown jewels in your environment and the tools to respond effectively if such incident occurs. Once an environment is compromised, security and incident response teams need to quickly understand what the incident root cause was and the potential blast radius. Without the right tools and processes, this can be a very manual and time-consuming process, especially across different accounts and permissions. This need was recently emphasized in Gartner’s emerging technology report, citing that product leaders should adopt emerging cloud technologies such as Cloud Investigation and Response Automation (CIRA) to address demand for expanding data collection, analysis, collaboration and future business models.
Today, we’re excited to launch our Digital Forensics capabilities, helping organizations respond quickly to threats in modern cloud environments by gaining forensic-level detail on incidents automatically using a cloud-native approach.
After a security incident occurs, having the relevant data quickly and accurately is top priority, and it is crucial to not interrupt business continuity. When an organization is alerted on a potential incident, either from cloud detection & response or from an EDR solution, security and incident response teams can easily use Wiz Digital Forensics to copy volumes of the potentially compromised workload to a dedicated forensic account and then mount them for a deeper forensic investigation. This process that usually takes hours or even days can now be triggered at the click of a button with no overhead and maintenance needed from these teams. Using an agentless approach for copying volumes helps the teams avoid running intrusive scripts based on the different cloud provider APIs and does not impact the performance of running workloads.
Wiz Digital Forensics also allows those teams to immediately access the important security logs and artifacts of the potentially compromised machine directly by downloading a forensic investigation package that includes the information needed for the incident first triage. The forensics package is collected agentlessly without needing to run any collection tools or self-developed scripts on the compromised workload. Organizations that use our newly launched Runtime Sensor can also receive a runtime forensic package that includes information on running processes, commands executed, and IPs used for network connectivity.
Incident response in the cloud doesn’t have to be complicated or time consuming. Wiz Digital Forensics helps narrow the scope of the investigation significantly and automates the evidence collection process so security teams can move quicker to containment, eradication, and recovery.
In short, Wiz Digital Forensics provides you with:
Faster incident investigation: Enable security and incident response teams to collect the necessary information and collaborate over one platform to immediately start analyzing the root cause of an incident.
Seamless data capture across clouds: Gain forensic-level details into cloud and containerized environments by downloading forensic packages and on-demand copy volumes to any forensic accounts of compromised workloads.
Secure chain of custody: Provide organizations peace of mind by maintaining the relevant logs and artifacts in a raw and unprocessed form.
Our new Digital Forensics capabilities help security and incident response teams to investigate incidents faster with end-to-end forensics experience. You can learn more about Forensics in the Wiz docs (login needed). If you prefer a live demo, we would love to connect with you.