Digital Investigations of Any Kind

decisioncrunch | Networking and Communications

Nov 20, 2013

www.accessdata.com



ONE COMPANY

Cyber Intelligence Response Technology (CIRT)








Who we are

AccessData has been in this industry for over 25 years

Offices in Utah, Houston, San Francisco, London, Virginia, Maryland, Frankfurt, Dubai, Australia and China

Market leader / best-of-breed technologies in Forensics and eDiscovery

130,000+ clients globally

Train over 6000 customers each year

Sustained annual growth year after year of between 60%-80%

Gartner recognized as an Innovator in the space

AccessData Product & Services

Paradigm Shift: An Integrated Platform

Host-based Forensics, Including Volatile Data

Data Audit

Network Forensics

Removable Media Monitoring

Malware Threat Scoring & Analysis

Security / Process Functions
High Entropy
Dynamic Loading
Imports Process Manipulation Functions
Imports Security Functions

SSL Decryption

Integrated analysis in a single platform w/ built-in remediation

CIRT: Cyber Intelligence & Response Technology

The Value of an Integrated Platform

Integrated Platform

DATA SPILLAGE

Organization proactively performs audits using terms, such as “confidential” or “top secret”. All instances flagged for removal in accordance with policies.

VIRTUAL WORKFORCE

Laptop checks in at intervals to be scanned for anomalies which are all recorded, including network and USB activity. Remote monitoring helps to identify any data theft or security breach.

INTRUSION ALERT

Unauthorized port 443 traffic. Visualize communications, drill down into suspect host. Perform behavioral forensic analysis. Honeypot avoidance, crypto, dynamic loading, high entropy and other criteria indicate malware. Batch remediation function is leveraged.

CREDIT CARD INFORMATION REPORTED

Help desk is called alerting them that employee discovered credit card information on an unsecure location. Company reactively conducts PCI audit to locate exposed credit card holder info. Instances are wiped. Findings are reported.

ADVANCED MALWARE AND ZERO DAY DETECTION

Proactive monitoring and the identification of malicious code behavior on multiple computers. Perform differential analysis of volatile data, perform malware analysis / threat scoring. Analysis reveals malicious processes. Scan large enterprise for defined processes and/or similar behavior and issue batch remediation. Monitor for recurrence.

Multi-Team Collaboration for Improved Emergency Response

Incident Response Team

Information Assurance Team

Network Security Team

Compliance Team

Computer Forensics Team

Introducing SSL Locksmith!!!

Encrypted Traffic is Exploding

Encryption is an integral part of cloud computing and is used to secure e-commerce, Web 2.0 applications, email and VPNs

SSL is the de-facto encryption standard

SSL usage market data

SSL makes up more than 25% of traffic in most networks

70% of traffic is encrypted in select verticals (health)

52% CAGR in percentage of SSL-based WAN traffic

A large number of enterprise and Internet-based Web 1.0/2.0-based applications use SSL

Microsoft Sharepoint, Salesforce.com, SAP, Oracle, WebEx, Windows Update, Google business applications (Gmail, docs, sites), Instant Messaging

The increased amount of encrypted traffic in networks creates new threats and problems for network security

Over 1 million SSL sites on the net

How does SSL Locksmith Work

SSL Locksmith brokers SSL connections for its clients, by validating, and creating new internal certificates

Clients must have SSL Locksmith Certification Authority certificate installed in order to broker SSL transactions

Perform Review of Encrypted Web Content