Digital Forensics & Incident Response

OpenText Endpoint Forensics & Response

Expose, contain and remediate threats in real time


Forensic precision combined with real-time response

Your security team is under pressure to investigate and respond to cyber threats quickly in order to limit damage, preserve evidence and restore trust. Turn chaos into actionable insight.

Find the threats others miss. Respond faster than ever.

Combine deep forensic visibility with real-time incident response. OpenText™ Endpoint Forensics & Response lets SOC teams investigate threats, isolate compromised endpoints and remediate attacks from a single, scalable platform. It pairs trusted forensic investigation capabilities with advanced threat-response functions to give security professionals precision and visibility.


Why choose OpenText Endpoint Forensics & Response?

Give the SOC near real-time threat containment and deep forensic visibility. Investigate attacks, isolate endpoints and remediate threats quickly to reduce dwell time, preserve evidence and improve cyber resilience.

  • 75%
    improvement in threat response time
    With integrated endpoint isolation, teams can contain threats immediately without leaving the investigation workflow, shortening response time.
  • 4x
    faster threat mitigation
    Neutralize malicious or unauthorized files directly from the forensic workflow, eliminating the threat while maintaining evidence integrity.
  • 100%
    control over the threat environment
    Gain real-time visibility into risky activity and act on it, without depending on other teams, other tools or physical access.

Use cases

Our DFIR solution is essential for data-breach investigation, insider-threat detection, regulatory compliance, ransomware response, threat hunting and eDiscovery. It gives SOC teams the ability to uncover root cause, contain threats and produce defensible reports.

  • Uncover suspicious employee or contractor behaviour such as data theft, sabotage or improper access. Build a defensible case from endpoint evidence, file-access logs, registry analysis and behavioural forensics.

  • Identify compromised systems, isolate affected endpoints, terminate malicious processes, and delete or quarantine infected files without disrupting operations.

  • Proactively hunt for indicators of compromise (IoCs) using file hashes, domains, IP addresses and custom YARA rules. Detect hidden threats that traditional tools may miss.

  • Trace the infection path, determine the scope of impact, identify the ransomware variant and support recovery. Reconstruct the attack timeline to understand how the intrusion unfolded.

  • Meet GDPR, HIPAA, PCI DSS and SOX requirements with tamper-resistant evidence collection, chain-of-custody integrity and complete forensic documentation.

  • Investigate nation-state or advanced actor activity. Reconstruct attacker behaviour, registry manipulation and tool usage across long time spans.
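The IoC hunt described above (file hashes, domains, IP addresses, YARA-style rules) is the kind of sweep a collection agent runs on each endpoint. The script below is an added example written for this page, not OpenText code and not a description of how the product implements its scanning. It walks a directory tree, hashes every file with SHA-256 and checks the digest against a known-bad list, then scans file contents for indicator domains and IPv4 addresses and for simple string rules modelled on YARA's "all of them" condition. The indicator values and the three sample files are constructed for the demonstration.

```python
"""Minimal endpoint IoC sweep (added example, not OpenText code).

Walks a directory tree, hashes each file with SHA-256 and checks it
against a known-bad hash list, then scans file contents for network
indicators (domains, IPv4 addresses) and for string rules that fire
only when every string is present, like YARA's "all of them".
All indicators and sample files are constructed for the demo.
"""
import hashlib
import ipaddress
import os
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Constructed IoC set; a real sweep would load these from threat intel.
IOC_DOMAINS = {"update-check.example.net"}
IOC_IPS = {"203.0.113.45"}
# Each rule fires only if every string is present ("all of them" in YARA).
STRING_RULES = {
    "sample_dropper": [b"cmd.exe /c", b"-enc"],
}

DOMAIN_RE = re.compile(rb"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass(frozen=True)
class Hit:
    path: str
    kind: str        # "hash", "domain", "ip" or "rule"
    indicator: str   # the digest, domain, address or rule name that matched


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_file(path: Path, bad_hashes: set) -> list:
    """Return every indicator match for one file, in hash/domain/ip/rule order."""
    hits = []
    digest = sha256_file(path)
    if digest in bad_hashes:
        hits.append(Hit(str(path), "hash", digest))
    data = path.read_bytes()
    for m in DOMAIN_RE.findall(data):
        d = m.decode("ascii", "ignore").lower()
        if d in IOC_DOMAINS:
            hits.append(Hit(str(path), "domain", d))
    for m in IPV4_RE.findall(data):
        ip = m.decode()
        try:
            ipaddress.IPv4Address(ip)   # drop octets > 255 the regex lets through
        except ValueError:
            continue
        if ip in IOC_IPS:
            hits.append(Hit(str(path), "ip", ip))
    for name, strings in STRING_RULES.items():
        if all(s in data for s in strings):
            hits.append(Hit(str(path), "rule", name))
    return hits


def sweep(root: Path, bad_hashes: set) -> list:
    """Scan every regular file under root; unreadable files are skipped."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            try:
                hits.extend(scan_file(Path(dirpath) / name, bad_hashes))
            except OSError:
                continue   # locked or permission-denied file; a real agent would log it
    return hits


def build_sample_tree():
    """Create three constructed files: one clean, one beaconing, one dropper."""
    root = Path(tempfile.mkdtemp(prefix="ioc_sweep_"))
    (root / "clean.txt").write_bytes(b"quarterly report, nothing to see")
    (root / "beacon.cfg").write_bytes(b"server=update-check.example.net port=443")
    (root / "dropper.bat").write_bytes(
        b"cmd.exe /c powershell -enc QQBBAA== 203.0.113.45")
    bad_hashes = {sha256_file(root / "dropper.bat")}   # hypothetical known-bad digest
    return root, bad_hashes


if __name__ == "__main__":
    root, bad = build_sample_tree()
    for hit in sweep(root, bad):
        print(f"{hit.kind:6} {hit.indicator}  {hit.path}")
```

Each indicator type has a different confidence: a hash match is exact, while a domain or address found inside a configuration file is only a lead until the analyst confirms the process that uses it. Registry persistence, which the page lists as a separate capability, is Windows-specific and is not covered by this portable example.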

Key capabilities

OpenText Endpoint Forensics & Response isolates attacked endpoints, eliminates active threats and finds root cause, so security teams can shorten dwell time, contain risk and protect business operations with precision.

Enterprise scale: up to 1,000,000 endpoints

Supports enterprise-wide investigations without sacrificing performance, suitable for global environments.

Artifact-driven workflows

Lets analysts triage endpoints quickly instead of imaging entire systems, a key advantage in live incident response where every minute counts.

Comprehensive threat analysis

Lets DFIR teams flag known-malicious indicators such as running processes, IP addresses, file hashes or DNS cache entries. This early warning helps identify and neutralize threats before they escalate.

Zero-trust automation framework

Supports collection in zero-trust environments. Endpoints check in every five minutes whether or not they are on the VPN, providing near real-time visibility into endpoint state and activity.

Endpoint isolation

Contain threats in real time while preserving forensic access, stopping lateral movement with full context.

File and process remediation

Neutralizes malicious files without disrupting operations and immediately stops active threats, which is essential for limiting the impact of an attack.

YARA-enabled IoC scanning

Proactively detect threats, using custom rules to improve detection precision and breadth.

Registry search and live remediation

Identify and disable persistence mechanisms in real time, a key step in fully eradicating a threat.

Accelerate time to value with OpenText Endpoint Forensics & Response

Add-ons

Explore the full OpenText DFIR solution portfolio, designed to detect, investigate and respond to cyber security incidents by collecting and analysing digital evidence, helping organizations understand the nature, scope and impact of an attack.

Professional services

OpenText Professional Services combines end-to-end solution implementation with comprehensive technical services to help improve your systems.

Partners

OpenText helps customers find the right solution, the right support and the right outcomes.

Training

OpenText Learning Services provides comprehensive enablement and learning programs that accelerate the growth of knowledge and skills.

    OpenText Endpoint Forensics & Response resources

    • It’s a unified platform that combines deep digital forensics investigation with near real-time incident response, allowing SOC teams to investigate, isolate, and remediate threats all from a single platform.

    • OpenText Endpoint Investigator performs remote, forensically sound evidence collection at scale (on- or off-VPN) to help investigators see what happened. OpenText Endpoint Forensics & Response adds incident response capabilities, enabling SOC personnel to act on what happened by containing impacted endpoints faster and accelerating recovery. OpenText Endpoint Forensics & Response provides complete DFIR capabilities in a single platform and is the unsung hero of cybersecurity. Customers who already have OpenText Endpoint Investigator (the DF part of DFIR) can add incident response (the IR part of DFIR) functionality simply by purchasing an add-on to their existing deployment.

    • EDR tools focus on detection and alerts. SIEMs aggregate data. OpenText Endpoint Forensics & Response is designed for action, offering built-in forensic capabilities and response workflows, including endpoint isolation, file deletion, registry remediation, and memory analysis. It also facilitates SOC workflows by offering robust APIs that connect with existing SIEM, SOAR, and threat intelligence tools, enabling automation of response workflows, contextual enrichment, and playbook orchestration across your security ecosystem. SOC professionals can dig deep into forensic evidence and take direct response actions all in a single interface, resulting in faster decision-making.

    • Term licenses are available in one-, two-, or three-year terms. Pricing is based on a per-node model in which each license permits deployment on a specified number of endpoint “nodes” within your network. Once a node is covered, you gain unlimited usage of key components on that node.

    • OpenText Forensic is a digital forensics tool that has no response capabilities. It is designed for lab-based forensic analysis of seized or powered-off devices. OpenText Endpoint Forensics & Response is a complete DFIR solution designed for enterprise SOC teams, internal investigators, and incident responders needing to conduct remote, live endpoint data collection and triage.

    • Yes. Analysts can isolate Windows endpoints, terminate malicious processes, and securely delete files in near-real time, without disrupting forensic access or switching to another tool. These capabilities are natively integrated into the investigation workflow.

    • The platform is designed to operate under zero-trust principles, with secure, off-VPN data collection, robust access controls, and centralized command. It ensures no data is exposed during investigations, even in compromised environments.

    • It’s optimized for insider threat investigations, ransomware response, APT detection, endpoint triage, and compliance-driven audits. Use cases range from real-time breach containment to HR investigations and regulatory response. Built to support over one million endpoints, it offers automated agent deployment, real-time check-ins, and scalable collections across global environments, making it the ideal digital forensics and incident response solution for large SOCs managing thousands of endpoints.

September 24, 2025
Why DFIR is the missing piece in your Zero-Trust strategy
Digital forensics and incident response closes security gaps and aligns with zero-trust architecture.

August 8, 2025
DFIR: The unsung hero of cybersecurity
Learn how integrating DFIR into your security strategy transforms a reactive posture into a resilient one.

July 18, 2025
Deliver faster, deeper, and more defensible digital investigations
OpenText DFIR tools bring speed, depth, clarity, and legal defensibility to digital investigations.

July 3, 2025
Enhance secure information management with DFIR
DFIR and information management unite to protect data, boost compliance, efficiency, and resilience.

OpenText Endpoint Forensics & Response (product overview)

A day in the life of a SOC analyst with DFIR (infographic)

Why it pays to act fast with OpenText Endpoint Forensics & Response (infographic)


See what others miss: OpenText Endpoint Forensics & Response in action (video)

Precision under pressure: Investigate fast and respond faster (video)

Take the next step

Learn how to strengthen your DFIR strategy, and save significantly by purchasing OpenText Endpoint Forensics & Response licenses before December 31, 2025.
