Comparing Incident Response Solutions


Affordable, Thorough, Fast

Cyber Triage is faster, easier, and more thorough than ad-hoc processes, especially if the company does not have the resources to script and automate the process. Cyber Triage is cheaper than EDR and often performs a deeper forensic investigation of the host.

Feature | Ad-Hoc Process | Cyber Triage | EDR
Cost | Free | $1,950 / Investigator | Often $50,000+ (price / endpoint & user)
Collection
Collects Malware-associated Artifacts
Collects User-associated Artifacts
Collects System Configuration Artifacts
Remote Collection (Ad-Hoc Process: With Scripting)
Continuous Monitoring (Ad-Hoc Process: With Scripting; Cyber Triage: Coming Soon)
Single Step Collection (Ad-Hoc Process: With Scripting)
Disk Images
Analysis
Displays Collected Artifacts
Assigns Threat Scores to Artifacts
Integrates with Threat Intelligence
Correlates with Past Incidents
Supports Team Collaboration
Integrates with SIEM and SOAR
Investigative Workflow
Reporting
Generates report based on investigative findings

In addition to Cyber Triage, companies often consider other types of host-based investigative solutions.

  • Ad-Hoc Process: Using many tools to complete the end-to-end host investigation process. Many of the tools are command-line, free, and produce text-file output.
  • EDR: Endpoint Detection and Response agents are always running and collecting data. Their stored data can be used during the investigation.

If you’d like to try Cyber Triage yourself, sign up for a free evaluation of the full version.