Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Published byAlannah McLaughlin Modified over 9 years ago

Similar presentations

Presentation on theme: "Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,"— Presentation transcript:

1 www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose, Validate, Triage, and Remediate Security Breaches

2 Page 2 Ultimate Goal of Security Business IntelligenceBusiness Intelligence Company Data

3 Page 3 What are Your Challenges? ? Would it be valuable to have a view of what was occurring on potentially affected endpoints? Would it be valuable to have a view of what was occurring on potentially affected endpoints?  Securing company assets and data in an every changing world  Understanding where company sensitive data resides  Keeping up with the ever changing landscape of threats  Increasing number of alerts  Prioritizing and responding to alerts  Controlling post-breach consulting costs  Auditing against and enforcing sensitive data policies  Being right 100% of the time…

4 Page 4 How Effective Is Your Security Posture? Preventive measures are important, but… Now What?

5 Page 5 And Time is of the Essence! *Source: 2012 Verizon DBIR While the responders are way over here The attackers are here

6 Page 6 Important Things To Consider Improving Your Security Response

7 Page 7 Faster Intelligence Gathering

8  Broad Encryption support  Broad OS support  Ease, Speed and Flexibility of deployment and configuration  Forensic-grade visibility  Review capability  Policy enforcement mechanism Page 8 Key Requirements

9  Protecting Company Data Is Number One Goal!  Compliance HIPAA, PCI-DSS, Data breach notification laws, risk mitigation Intellectual Property handling policies Proliferation of laptops/tablets has increased risk of data loss  Eliminate risk of sensitive data in unauthorized locations  Prioritize incident response  Enable definitive policy enforcement Page 9 Where Is Your Data?

10 Page 10 For The “Now What?” Help Is Available

11 Page 11 EnCase Cybersecurity  Endpoint Incident Response Mitigate the RISK of successful attacks through rapid validation, comprehensive scope assessment, and containment of security incidents Reduce the TIME delay between compromise, detection and response Reduce the COST and overhead of incident response leveraging existing people and technologies  Endpoint Sensitive Data Discovery Mitigate the RISK of sensitive data in unauthorized locations Reduce the TIME it takes to locate sensitive data and enforce regulatory and policy compliance Reduce the COST associated with data discovery processes that don’t easily scale and lack definitive enforcement

12 Page 12 How EnCase Helps Mitigate the Risks of a Breach System Integrity Assessments – Expose unknowns and known bad via scheduled audits Large scale volatile data analysis – Discover system anomalies and similarities, expose attack artifacts Near-match analysis – expose iterations of morphed code and variations of detected threats Deep forensic analysis – completely and thoroughly investigate any anomaly or breach Remediation – immediate address risk by killing running process and wiping related disk artifacts Integration with SIEM and alerting systems – visibility into potentially affected hosts the moment an alert is generated

13 Page 13 Automating Incident Response Data Collection

14 Page 14 Automating Response: How it Works Snapshot of target Results  Running processes (Validation)  Open ports & N/w connections (Scope Assessment)  Existence of sensitive data (Prioritization)  And more… IP Addresses Hash Values Attacker IDSFirewall

15 Page 15  Comprehensive visibility Covers multiple operating and file systems, including email and document repositories Kernel level scans – locates deleted, in use and otherwise hard to see data locations Analyze metadata to quickly determine origin and where else errant sensitive data may reside  Built in templates for PCI and PII data, configurable for other data formats (account numbers, electronic health records, IP, etc.)  Scheduling capability to keep you covered  Web-based review and tagging  Securely wipe non-compliant data How EnCase Helps Find and Secure Sensitive Data

16 Page 16  EnCase forensic capabilities will investigate how the malware compromised the endpoint(s).  What was the delivery mechanism (e.g., USB drive, web page, email, etc.).  What activity occurred before the compromise, during and after.  What type of data was possibly exposed or compromised.  Have we identified all of the compromised systems? EnCase Cybersecurity: Questions Answered

17 Page 17 What About A Different Approach?

18 Page 18  Allowing quick visualization of undetected risks or threats Exposing suspicious patterns, commonalities and anomalies Spotting unusual changes over time  Interactive interface allowing on-the-fly adjustments so you can zero in on the threat What If Your Data Offered A Visual Representation

19 Page 19 EnCase Analytics: Standard Configuration Variants

20 Page 20 EnCase Analytics: Account Trends Over Time

21 Page 21  World Leader in Computer Forensics, eDiscovery and Incident Response Company Founded in 1997 Publicly Traded Company on NASDAQ (ticker symbol = GUID) Since 2006 40,000 EnCase Customers World Wide Over 1,500 EnCase Enterprise Customers ▫ More than 65% of the Fortune 100 ▫ More than 40% of the Fortune 500 300+ EnCase eDiscovery Customers, 200+ EnCase Cybersecurity Customers 50,000 people trained on EnCase Guidance Software, Inc. Overview

22 Page 22 Mel Pless, Sr. Director, Solutions Consulting, Guidance Software mel.pless@encase.com Thank You

Download ppt "Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,"

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
© 2013 Bradford Networks. All rights reserved. Rapid Threat Response From 7 Days to 7 Seconds.

© 2013 Bradford Networks. All rights reserved. Rapid Threat Response From 7 Days to 7 Seconds.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Security Life Cycle for Advanced Threats

Security Life Cycle for Advanced Threats
Www.accessdata.com Digital Investigations of Any Kind ONE COMPANY Cyber Intelligence Response Technology (CIRT)

Digital Investigations of Any Kind ONE COMPANY Cyber Intelligence Response Technology (CIRT)
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Cyber Security Finance Forum 2012 Michael DuBose Managing Director & Practice Leader Cyber Investigations.

Cyber Security Finance Forum 2012 Michael DuBose Managing Director & Practice Leader Cyber Investigations.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
AGENDA Welcome and introductions Brief introduction to PSI Mobile Technical Overview Demonstration Q and A Next Actions.

AGENDA Welcome and introductions Brief introduction to PSI Mobile Technical Overview Demonstration Q and A Next Actions.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.

Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
ISMS for Mobile Devices Page 1 ISO/IEC 27001 Information Security Management System (ISMS) for Mobile Devices Why apply ISMS to Mobile Devices? Overview.

ISMS for Mobile Devices Page 1 ISO/IEC Information Security Management System (ISMS) for Mobile Devices Why apply ISMS to Mobile Devices? Overview.

Similar presentations

Ads by Google