Network and Device Control
Control capabilities enable direct management of compromised or suspicious devices, ensuring containment and recovery:
Isolate a device from the network (Network Isolation): Disconnects an endpoint from the network to prevent threat propagation, while maintaining its communication with the BlackfishID platform for remediation.
Restore network connection (Network Reconnection): Restores the connectivity of an isolated device once the threat has been neutralized or investigated.
Remotely shut down the device: Deactivates an endpoint remotely to stop malicious activity.
Restart the device: Restarts an endpoint remotely, useful for applying changes or clearing memory states.
Diagnosis and Visibility
For in-depth investigation and comprehensive incident visibility, BlackfishID provides advanced diagnostic tools:
Execute on-demand scans: Initiates a full or targeted scan at any time on a specific device.
Export forensic data from the device (Logs, Events, Evidence): Collects and exports detailed forensic data directly from the endpoint for external analysis.
View details of detected threats and events: Shows detailed information about each threat or security event identified by the platform.
Threat Management and Remediation
BlackfishID enables active management and effective remediation of detected threats:
Quarantine malicious files: Isolates files identified as malicious to prevent their execution and propagation.
Delete detected malicious elements: Safely removes components and remnants of a threat.
Terminate running malicious or suspicious processes: Immediately stops processes that pose a risk.
Revert changes made by malware (Rollback): If snapshot protection is enabled, restores the system to a pre-attack state, undoing changes made by malware.