ResolutionOne Platform

The ResolutionOne Platform™ is a Continuous, Automated Incident Resolution (CAIR™) platform, delivering the workflows and capabilities necessary to detect, analyze, and resolve any data event—from security breaches to e-discovery and other Governance, Risk and Compliance (GRC) issues. It is the industry’s only combined platform and works seamlessly across business units. ResolutionOne Platform integrates network, endpoint and malware analysis, end-to-end e-discovery and remediation technologies into a single, scalable solution. This makes it possible for all security, legal and compliance teams to do their jobs using one platform, automating tasks and collaborating in real time to address virtually any security incident or legal matter.


  • Software Point Products
  • Hardware Redundancy
  • Agent Fatigue
  • Database Redundancy


  • On License Fees
  • Software Maintenance Costs
  • Training Expenses
  • Services Charges


  • Security
  • Compliance
  • Response Times
  • Human Resources

Integrating my SIEM with AccessData’s ResolutionOne Platform has reduced our response times from 12 hours to 2.5 hours. That’s an 80% reduction in response time.
Golan Ben-Oni, CSO and SVP, Network Architecture
IDT Corporation

The Cyber Intelligence and Response Technology in the ResolutionOne Platform integrates network, endpoint and malware analysis, large-scale data auditing and remediation capabilities for a solution that doesn’t just deliver rapid detection and response; it delivers Continuous Automated Incident Resolution.

Endpoint Threat Detection
  • Real-time threat monitoring, auto-correlating with integrated ThreatBridge™ library.
  • Hunt threats using IOCs and YARA rules with customizable known file filter to remove noise.
  • Signature-less malware detection, with Cerberus triage and analysis. No sandbox required.
  • Bi-directional removable media monitoring.
  • See all activity, including Internet communications, even when traveling / telecommuting employees aren’t VPN’d into the network.

Mobile Endpoint Monitoring
  • First of its kind to provide real-time proactive mobile endpoint monitoring, threat detection and analysis.
  • First to support iOS and Android devices for greater data collection and visibility.
  • Auto-correlates mobile data with ThreatBridge™ to identify any known threats.
  • Detects threats on the mobile device such as malware and communication with known malicious IP addresses.
  • Provides visibility into network communications and running processes to identify anomalous activity.

Network Threat Detection

  • Full packet capture.
  • The only technology that also provides host-based packet capture.
  • Detect anomalous behavior on network and endpoints indicative of hacking and APTs.
  • Capture and analyze Web, chat and social media.
  • Decrypts SSL and SSH.
  • Monitors 2500 protocols and all 7 layers of the OSI stack.

Automate Alert Validation and Incident Response with SIEM, Next-Gen Firewall and Next-Gen Malware Detection Integration

  • Automated response and remediation capabilities. (See IDT Corporation Case Study.)
  • Launch operations and view analysis in either SIEM or CIRT Platform.
  • Automatically isolate compromised endpoints in seconds.
  • Alerts from next-gen tools are auto-validated by confirming the malware has executed at the endpoint(s).
  • CIRT can automatically provide endpoint analysis (live response data, memory or even full disk image), as well as network communications data when triggered by an alert.
  • Easy to configure and customize automation parameters.

ThreatBridge Functionality Integrates Threat Intelligence with Incident Resolution

  • Ingests multiple formats of threat intelligence and IOCs from multiple sources.
  • Monitor both network and endpoints against ThreatBridge library.
  • Easily define automatic response to and remediation of detected threats.

Full-spectrum Incident Analysis with Integrated, Comprehensive Remediation

  • Forensic Toolkit® (FTK®) technology.
  • Advanced volatile/memory analysis.
  • Visibility into Windows®, Apple®, Linux®, Solaris and AIX® hosts.
  • BlakBox™ incident replay for endpoint activity and network communications.
  • Determine the behavior and intent of suspicious code in seconds with Cerberus malware triage.
  • Quickly correlate endpoint and network analysis to facilitate root cause analysis, visualize propagation and understand all actions being taken by the threat.
  • View content of files intercepted from network communications.
  • Enterprise-wide compromise assessment to identify all affected nodes.
  • Right-click process kill.
  • Batch remediation, including remote reimaging and surgical remediation.

Real-time Collaboration

  • A “virtual war room” for all teams (Security Operations, Network Security, Forensics, Malware and more).
  • All data is accessed through single console to facilitate correlation and collaboration.
  • Work synchronously to detect, analyze and remediate compromises.
  • Easy reporting up and down the chain of command.

The ResolutionOne Platform™ integrates key capabilities for handling the spectrum of information security and legal business problems. It is the first combined platform and works seamlessly across multiple departments. The integration of AD eDiscovery and Summation technologies gives organizations the industry’s leading end-to-end e-discovery capabilities.

Litigation Hold

  • Easy-to-use and wizard-driven.
  • Hold notifications can include documentation, interview questions, notification to other required entities.
  • Real-time hold status.
  • Comprehensive reporting.


  • Collect from workstations, mobile devices, laptops, network shares, email servers, databases and 30+ structured data repositories.
  • Collect all custodian data (even when custodian is off-network) or perform a targeted collection.
  • Perform incremental collections on data that has changed since a previous collection or pick up where an interrupted collection left off.
  • Reuse & associate collections with multiple cases.
  • The only solution that enables discovery and preservation of ESI on mobile devices.


  • Process 700+ data types as you collect, while maintaining chain of custody.
  • Distributed processing for increased efficiency and greatly reduced processing time.
  • Automatically identifies and categorizes data, even encrypted files.
  • De-duplicate email and ESI across the matter or for a specific custodian, de-NIST and OCR.

Early Case Assessment

  • Cull data by custodian, data source, document metadata and type.
  • Email threading and analytics.
  • Advanced search with hundreds of unique data filters.
  • Custom tagging and bookmarking.
  • Export to all industry standard load files and EDRM XML.

Final Review and Production

  • Includes all Summation capabilities.
  • Scanned document, electronic document, email and transcript review.
  • Production tools including Bates stamping, burned-in redactions and production history.
  • Advanced search, with keyword, concept and '4-D'.
  • Integrated Technology Assisted Review (“TAR” or “Predictive Coding”).
  • Integrated visualization module with graphic representation of case data.
  • Redact in near-native view with word boundary support.
  • Native Concordance database migration for direct loading into Summation.
  • Imports Concordance & Relativity load files.
  • Exports Concordance, Relativity, Ringtail, iConect, Introspect & EDRM XML load files.

AccessData announces the release of ResolutionOne Platform, a comprehensive integration of AccessData’s cybersecurity, e-discovery and enterprise investigations technologies. ResolutionOne Platform is the first Continuous, Automated Incident Resolution (CAIR) Platform and works seamlessly across all departments to deliver automated detection, analysis, response and resolution. Security, Compliance and Legal teams can all rely on ResolutionOne Platform to address any cyber threat, mobile and BYOD risk, GRC (Governance Risk & Compliance) issues and eDiscovery. Over 130,000 users in corporations, law enforcement, government agencies, and law firms around the world rely on AccessData.

