Organizations often have multiple examiners assigned to individual investigations. Previously with AXIOM Cyber’s ad hoc agent deployment, one examiner could not connect to an agent already deployed to an endpoint under investigation, if they did not originally create the agent. With the latest update, AXIOM Cyber no longer restricts agent visibility to the unique user logged into the system.
You can upgrade to the latest version within AXIOM Cyber or over at the Customer Portal.
If you haven’t tried AXIOM Cyber yet, request a free trial here.
The Why Behind Agent Visibility
We love receiving feedback from the field around how we can continue evolving our products for our customers, and this is a perfect example of that. To highlight why this is such a great benefit for organizations utilizing AXIOM Cyber in their environments we’ll walk through a quick example below.
In our example we have three examiners investigating three endpoints. One each of Windows, Mac, and a Linux box. In versions of AXIOM Cyber 5.8 and earlier, if those three examiners each needed to connect to each endpoint there would be a total of nine agents needed to complete the investigation.
This, of course, is not ideal when time is of the essence and there is a duplication of work. With AXIOM Cyber 5.9, we’ve simplified both the agent management and deployment — allowing multiple examiners to connect to various agents without tying the agent to a specific user like in previous versions, and instead utilizing a device ID. The image below highlights the new feature with AXIOM Cyber:
Agent Visibility in AXIOM Cyber Version 5.8 and earlier
Agent Visibility in AXIOM Cyber Version 5.9+