www.accessdata.com digital investigations of any kind one company cyber intelligence response...


Upload: ryann-trundle

Post on 11-Dec-2015


TRANSCRIPT

www.accessdata.com

Digital Investigations of Any Kind

ONE COMPANY

Cyber Intelligence Response Technology (CIRT)

Who we are..

• AccessData has been in this industry for over 25 years

• Offices in Utah, Houston, San Francisco, London, Virginia, Maryland, Frankfurt, Dubai, Australia and China

• Market leader/ Best of breed technologies in Forensics and eDiscovery

• 130,000+ Clients Globally

• Train over 6000 customers each year

• Sustained annual growth year after year of between 60% - 80%

• Gartner recognized as an Innovator in the space

AccessData Product & Services

Host-based Forensics Including Volatile Data

Data Audit

Paradigm Shift: An Integrated Platform

Network Forensics

Security / Process Functions

• High Entropy

• Dynamic Loading

• Imports Process Manipulation Functions

• Imports Security Functions

• Imports Networking Functions

• Registry Modification Functions

• File Size Discrepancy

• Contains Autorun Strings

Removable Media Monitoring

Malware Threat Scoring & Analysis

Integrated analysis in a single platform w/ built-in remediation

CIRT

Cyber Intelligence & Response Technology

SSL Decryption

The Value of an Integrated Platform

Integrated Platform

DATA SPILLAGE

Organization proactively performs audits using terms, such as “confidential” or “top secret”. All instances flagged for removal in accordance with policies.

VIRTUAL WORKFORCE

Laptop checks in at intervals to be scanned for anomalies which are all recorded, including network and USB activity. Remote monitoring helps to identify any data theft or security breach.

INTRUSION ALERT

Unauthorized port 443 traffic. Visualize communications, drill down into suspect host. Perform behavioral forensic analysis. Honeypot avoidance, crypto, dynamic loading, high entropy and other criteria indicate malware. Batch remediation function is leveraged.

CREDIT CARD INFORMATION REPORTED

Help desk is called alerting them that employee discovered credit card information on an unsecure location. Company reactively conducts PCI audit to locate exposed credit card holder info. Instances are wiped. Findings are reported.

ADVANCED MALWARE AND ZERO DAY DETECTION

Proactive monitoring and the identification of malicious code behavior on multiple computers. Perform differential analysis of volatile data, perform malware analysis/threat scoring. Analysis reveals malicious processes. Scan large enterprise for defined processes and/or similar behavior and issue batch remediation. Monitor for recurrence.

Multi-Team Collaboration for Improved Emergency Response

• Incident Response Team

• Information Assurance Team

• Network Security Team

• Compliance Team

• Computer Forensics Team

Introducing SSL Locksmith!!!

Encrypted Traffic is Exploding

• Encryption is an integral part of cloud computing and is used to secure e-commerce, Web 2.0 applications, email and VPNs

• SSL is the de-facto encryption standard

• SSL usage market data

– SSL makes up more than 25% of traffic in most networks

– 70% of traffic is encrypted in select verticals (health)

– 52% CAGR in percentage of SSL-based WAN traffic

• A large number of enterprise and Internet-based Web 1.0/2.0-based applications use SSL

– Microsoft Sharepoint, Salesforce.com, SAP, Oracle, WebEx, Windows Update, Google business applications (Gmail, docs, sites), Instant Messaging

The increased amount of encrypted traffic in networks creates new threats and problems for network security

Over 1 million SSL sites on the net

How does SSL Locksmith Work

• SSL Locksmith brokers SSL connections for its clients by validating and creating new internal certificates

• Clients must have the SSL Locksmith Certification Authority certificate installed in order to broker SSL transactions

Perform Review of Encrypted Web Content