Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,


Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose, Validate, Triage, and Remediate Security Breaches

Page 2 Ultimate Goal of Security (diagram): Business Intelligence, Company Data

Page 3 What are Your Challenges?
Would it be valuable to have a view of what was occurring on potentially affected endpoints?
- Securing company assets and data in an ever-changing world
- Understanding where company sensitive data resides
- Keeping up with the ever-changing landscape of threats
- Increasing number of alerts
- Prioritizing and responding to alerts
- Controlling post-breach consulting costs
- Auditing against and enforcing sensitive data policies
- Being right 100% of the time…

Page 4 How Effective Is Your Security Posture? Preventive measures are important, but… Now What?

Page 5 And Time is of the Essence!
Chart (source: 2012 Verizon DBIR) contrasting the attacker and responder timelines: "The attackers are here" versus "While the responders are way over here".

Page 6 Important Things To Consider Improving Your Security Response

Page 7 Faster Intelligence Gathering

Page 8 Key Requirements
- Broad Encryption support
- Broad OS support
- Ease, Speed and Flexibility of deployment and configuration
- Forensic-grade visibility
- Review capability
- Policy enforcement mechanism

Page 9 Where Is Your Data?
- Protecting Company Data Is Number One Goal!
- Compliance
  - HIPAA, PCI-DSS, data breach notification laws, risk mitigation
  - Intellectual Property handling policies
  - Proliferation of laptops/tablets has increased risk of data loss
- Eliminate risk of sensitive data in unauthorized locations
- Prioritize incident response
- Enable definitive policy enforcement

Page 10 For The “Now What?” Help Is Available

Page 11 EnCase Cybersecurity
- Endpoint Incident Response
  - Mitigate the RISK of successful attacks through rapid validation, comprehensive scope assessment, and containment of security incidents
  - Reduce the TIME delay between compromise, detection and response
  - Reduce the COST and overhead of incident response by leveraging existing people and technologies
- Endpoint Sensitive Data Discovery
  - Mitigate the RISK of sensitive data in unauthorized locations
  - Reduce the TIME it takes to locate sensitive data and enforce regulatory and policy compliance
  - Reduce the COST associated with data discovery processes that don't easily scale and lack definitive enforcement

Page 12 How EnCase Helps Mitigate the Risks of a Breach
- System Integrity Assessments – expose unknowns and known bad via scheduled audits
- Large-scale volatile data analysis – discover system anomalies and similarities, expose attack artifacts
- Near-match analysis – expose iterations of morphed code and variations of detected threats
- Deep forensic analysis – completely and thoroughly investigate any anomaly or breach
- Remediation – immediately address risk by killing running processes and wiping related disk artifacts
- Integration with SIEM and alerting systems – visibility into potentially affected hosts the moment an alert is generated

Page 13 Automating Incident Response Data Collection

Page 14 Automating Response: How it Works
Diagram: an attacker is detected by the IDS / Firewall; the alert's indicators (IP addresses, hash values) drive a snapshot of the target, whose results include:
- Running processes (Validation)
- Open ports & network connections (Scope Assessment)
- Existence of sensitive data (Prioritization)
- And more…
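The validate / scope / prioritize loop the slide sketches, written out as an added example (this is not Guidance Software's or EnCase's code). An alert from an IDS or firewall carries indicators (attacker IP addresses and file hash values); a snapshot of each potentially affected endpoint records running processes, network connections and whether sensitive data is present; the alert is validated against the process image hashes, scoped by connections to the attacker, and hosts are ranked with sensitive-data presence as the tie-breaker. The hostnames, hashes, IPs, dataclass names and scoring weights are all constructed for illustration.

```python
"""Alert-driven endpoint triage: validate, assess scope, prioritize.

Added example, not Guidance Software's or EnCase's code. Hostnames,
hashes, IPs and the scoring weights are constructed/assumed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Process:
    pid: int
    name: str
    sha256: str          # hash of the executable image backing the process


@dataclass
class Connection:
    pid: int
    remote_ip: str
    remote_port: int


@dataclass
class Snapshot:
    host: str
    processes: List[Process]
    connections: List[Connection]
    has_sensitive_data: bool   # outcome of a sensitive-data scan on the host


@dataclass
class Alert:
    source: str                # e.g. "IDS" or "Firewall"
    attacker_ips: Set[str]
    bad_hashes: Set[str]       # lower-case SHA-256 hex digests


def validate(alert: Alert, snap: Snapshot) -> List[Process]:
    """Validation: running processes whose image hash matches an alert indicator."""
    return [p for p in snap.processes if p.sha256.lower() in alert.bad_hashes]


def assess_scope(alert: Alert, snap: Snapshot) -> List[Connection]:
    """Scope assessment: live connections from this host to an attacker IP."""
    return [c for c in snap.connections if c.remote_ip in alert.attacker_ips]


def triage(alert: Alert, snapshots: List[Snapshot]) -> List[Tuple[str, int, Dict]]:
    """Rank hosts for response as (host, score, evidence), highest score first.

    Assumed weights: 2 per validated process, 1 per attacker connection,
    +3 when the host also holds sensitive data (prioritization). Hosts the
    snapshot does not corroborate (score 0) are left out of the queue.
    """
    queue = []
    for snap in snapshots:
        procs = validate(alert, snap)
        conns = assess_scope(alert, snap)
        score = 2 * len(procs) + len(conns)
        if score and snap.has_sensitive_data:
            score += 3
        if score:
            queue.append((snap.host, score, {
                "processes": [f"{p.name} (pid {p.pid})" for p in procs],
                "connections": [f"pid {c.pid} -> {c.remote_ip}:{c.remote_port}" for c in conns],
                "sensitive_data": snap.has_sensitive_data,
            }))
    queue.sort(key=lambda item: item[1], reverse=True)
    return queue


# Constructed sample data (placeholder hashes, documentation-range IP).
BAD_HASH = "0f" * 32          # placeholder SHA-256 of a known-bad binary
BENIGN_HASH = "a1" * 32
ALERT = Alert(source="IDS", attacker_ips={"203.0.113.7"}, bad_hashes={BAD_HASH})

SNAPSHOTS = [
    Snapshot("ws-finance-01",
             [Process(612, "svchost.exe", BENIGN_HASH), Process(4412, "updater.exe", BAD_HASH)],
             [Connection(4412, "203.0.113.7", 443), Connection(612, "10.0.0.5", 445)],
             has_sensitive_data=True),
    Snapshot("ws-eng-07",
             [Process(900, "browser.exe", BENIGN_HASH)],
             [Connection(900, "203.0.113.7", 8080)],
             has_sensitive_data=False),
    Snapshot("ws-hr-03",
             [Process(300, "svchost.exe", BENIGN_HASH)],
             [Connection(300, "10.0.0.5", 445)],
             has_sensitive_data=True),
]

if __name__ == "__main__":
    for host, score, evidence in triage(ALERT, SNAPSHOTS):
        print(host, score, evidence)
```

The finance workstation lands at the top of the queue because the alert is corroborated there on both axes (a matching process image and a connection to the attacker address) and the host holds sensitive data; the HR workstation holds sensitive data too but nothing in its snapshot corroborates the alert, so it is not queued.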

Page 15 How EnCase Helps Find and Secure Sensitive Data
- Comprehensive visibility
  - Covers multiple operating and file systems, including and document repositories
  - Kernel-level scans – locate deleted, in-use and otherwise hard-to-see data locations
  - Analyze metadata to quickly determine origin and where else errant sensitive data may reside
- Built-in templates for PCI and PII data, configurable for other data formats (account numbers, electronic health records, IP, etc.)
- Scheduling capability to keep you covered
- Web-based review and tagging
- Securely wipe non-compliant data
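What a "built-in template" for PCI or PII data has to do in practice, as an added example (not EnCase's code or templates): a pattern finds candidate values, a validator rejects look-alikes (the Luhn check for card numbers, the area/group/serial rules for SSNs), hits are reported masked so the review output does not itself spread the data, and the file metadata (owner here) is pivoted to show where else errant data may reside. The file paths, owners and contents are constructed sample data; the template names, masking format and the `owner` field are this example's own choices.

```python
"""Sensitive-data discovery with validated templates (PCI card numbers, PII SSNs).

Added example, not EnCase's code. Paths, owners and file contents are
constructed; template names and masking format are assumptions.
"""
import re
from collections import Counter
from typing import Dict, List

# 13-16 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
# SSN: area not 000/666/9xx, group not 00, serial not 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used to validate payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text: str) -> List[str]:
    """Candidate card numbers that also pass Luhn, returned masked (last 4 digits kept)."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits


def find_ssns(text: str) -> List[str]:
    """SSN-shaped values that satisfy the format rules, returned masked."""
    return ["***-**-" + m.group()[-4:] for m in SSN_RE.finditer(text)]


TEMPLATES = {"PCI card number": find_cards, "PII SSN": find_ssns}


def scan_files(files: Dict[str, Dict[str, str]]) -> List[Dict[str, str]]:
    """Run every template over every file; one record per masked hit."""
    records = []
    for path, meta in files.items():
        for template, finder in TEMPLATES.items():
            for masked in finder(meta["text"]):
                records.append({"path": path, "owner": meta["owner"],
                                "template": template, "masked": masked})
    return records


def hits_by_owner(records: List[Dict[str, str]]) -> Dict[str, int]:
    """Metadata pivot: which owners' files hold sensitive data, and how many hits."""
    return dict(Counter(r["owner"] for r in records))


# Constructed sample files (the card number is the well-known 4111... test value).
FILES = {
    "/shares/finance/refunds_q3.txt": {
        "owner": "jsmith",
        "text": "Refund to card 4111 1111 1111 1111 issued 2014-03-02\n"},
    "/home/jsmith/Downloads/export.csv": {
        "owner": "jsmith",
        "text": "order,1234 5678 9012 3456,ok\nemp,123-45-6789,active\n"},
    "/tmp/notes.txt": {
        "owner": "agarcia",
        "text": "ref 4111 1111 1111 1112 is an order id; SSN placeholder 000-12-3456\n"},
}

if __name__ == "__main__":
    for rec in scan_files(FILES):
        print(rec)
    print(hits_by_owner(scan_files(FILES)))
```

The two look-alike values in the sample (a 16-digit order id that fails Luhn and an SSN with the invalid 000 area) produce no hits, which is the point of pairing each pattern with a validator; without it, a PCI template over a finance share is mostly false positives.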

Page 16 EnCase Cybersecurity: Questions Answered
- EnCase forensic capabilities will investigate how the malware compromised the endpoint(s).
- What was the delivery mechanism (e.g., USB drive, web page, etc.)?
- What activity occurred before, during and after the compromise?
- What type of data was possibly exposed or compromised?
- Have we identified all of the compromised systems?

Page 17 What About A Different Approach?

Page 18 What If Your Data Offered A Visual Representation
- Allowing quick visualization of undetected risks or threats
  - Exposing suspicious patterns, commonalities and anomalies
  - Spotting unusual changes over time
- Interactive interface allowing on-the-fly adjustments so you can zero in on the threat

Page 19 EnCase Analytics: Standard Configuration Variants

Page 20 EnCase Analytics: Account Trends Over Time

Page 21 Guidance Software, Inc. Overview
- World Leader in Computer Forensics, eDiscovery and Incident Response
  - Company Founded in 1997
  - Publicly Traded Company on NASDAQ (ticker symbol = GUID) Since [year missing from transcript]
- [number missing from transcript],000 EnCase Customers World Wide
- Over 1,500 EnCase Enterprise Customers
  - More than 65% of the Fortune 100
  - More than 40% of the Fortune [number missing from transcript]
- [number missing from transcript] EnCase eDiscovery Customers, 200+ EnCase Cybersecurity Customers
- 50,000 people trained on EnCase

Page 22 Mel Pless, Sr. Director, Solutions Consulting, Guidance Software Thank You