EnCase Analytics Product Overview




Guidance Software

Security Intelligence through Endpoint Analytics

Key Benefits

- Find unknown and undiscovered threats: Detect early signs of intrusion and anomalous activity on endpoints that evade perimeter security and signature-based detection (e.g. APTs, rootkits, polymorphic malware), before greater damage can be done.
- Expose hidden security holes: Schedule automated snapshot collection from tens to hundreds of thousands of nodes in a day, providing a comprehensive view into security risks and vulnerabilities across all endpoints in your enterprise.
- Proactively detect insider threats: Reveal and thoroughly investigate insider activity that typically cannot be discovered by traditional threat-detection tools because users have authorized credentials allowing access. Once found, determine attribution and assess mitigation strategies.

Key Features

- Ongoing and on-demand data collection from enterprise-wide endpoints, including servers, laptops, desktops, mobile devices, and point-of-sale (POS) terminals
- Instant visualization of endpoint data and activities
- Search for anomalies based on historical collections
- Extensible architecture that allows for self-built applications or customization of out-of-the-box applications
- Integration with third-party data sources such as whitelists or threat intelligence
- Report-sharing and exporting as images, PDFs, or spreadsheet files

Organizations like yours are well aware of the unavoidable threat that cyber-attacks and other unknown risks pose to systems and data, and have invested in signature, indicator, and heuristic-based security that promises to alert on and stop these threats. For years, security professionals have tried to build the proverbial security wall to be as high and as strong as possible, but you have been limited to tools and methodology that can detect and alert on only known threats. As a result, even the most robust software can't guarantee the ability to keep advanced threats like zero-days, rootkits, morphing malware, or insider malfeasance from infiltrating the enterprise, leaving security professionals with only one option: to wait for a breach to happen. What might look like an ordinary activity to warning systems protecting the perimeter could turn out to be a major threat to your network and cause extensive damage. Proactive security teams must now operate under the assumption that they have been compromised.

Sidebar (source: SANS 2014 Survey of Endpoint Intelligence): nearly half believe their organizations are compromised; 70% collect endpoint data, but not the types useful for threat detection; 54% spend more than 2 hours returning machines to a trusted state; visibility into endpoint data matters most for advanced persistent threats.

Figure: Today's advanced threats are breaking through traditional security defenses. Firewalls, intrusion prevention, spam filters, anti-virus, configuration management and vulnerability assessment stop unapproved communication channels, known bad code behaviors, obvious phishing attempts, known static malware, known application exploits and overt unknown malware; rootkits, morphing malware, zero-days, targeted attacks and insider threats get through to your data.

To obtain insights into such unknown threats, most security intelligence tools in the market focus on structured data such as log files or network packets. However, simply monitoring network packets or looking at log files is not sufficient to detect the anomalous behavior of the emerging breed of threats. You need visibility into endpoints (servers and end-user devices) to get to the heart of the threats.

Proactive Threat-Hunting with Endpoint Analytics

EnCase Analytics changes the security workflow from waiting for an alert to threat hunting, or proactively patrolling your endpoints looking for anomalies indicative of a breach. EnCase Analytics leverages the proven EnCase endpoint collection capability, adding security intelligence that exposes risk and threats that evade traditional detection technology, and it does so using insights derived from those terabytes of endpoint data. It provides a bird's-eye view of your endpoint risk through an interactive visual interface, so you can look for anomalous behavior in the system and quickly expose signs of intrusion.

The challenges of security analytics lie beyond just obtaining endpoint data. Even if you understand from which data you need to draw meaningful conclusions, and even if you have a way to gather it, how do you efficiently and effectively derive insights without complex and manual ETL (Extract, Transform, and Load) processes and programming? How do you present and share these insights with the non-technical, line-of-business stakeholders? EnCase Analytics offers an end-to-end solution to security analytics with:

Automated Data Collection and Preparation

Data collection and preparation are often the most time-consuming tasks of any analytics project and require a deep understanding of data sources, data models, and metadata. EnCase Analytics leverages the proven EnCase collection engine now in use on over 20 million devices. It delivers automated extract, transform, and load (ETL) functions and knows exactly which data is required for the analysis, freeing the security operations team from data preparation and allowing more time for analysis.

No Data Scientists Required

Through its interactive visualization interface, EnCase Analytics empowers enterprise security teams to fine-tune various criteria, expose and draw complex relationships, and derive advanced endpoint intelligence in just seconds. It gives you the ability to quickly visualize your data from multiple dimensions, regardless of how large or disparate the data sets may be.

Rapid Exposure of Malicious Activity

No more idly waiting for threats to surface. With EnCase Analytics, you can monitor your enterprise-wide endpoints through the visual interface, allowing you to quickly obtain indications of security threats and manage security risks before they do damage to the organization.

Quickly Remediate with EnCase Cybersecurity

Once a breach is found, thorough investigation and remediation can be automated by using EnCase Cybersecurity. EnCase Analytics and EnCase Cybersecurity provide an integrated security solution enabling faster detection, assessment, remediation and recovery from security threats.

Use Cases

- Discover possible access-policy violations by visualizing admin accounts that have initiated processes anywhere on the network, by domain
- Discover propagating and morphing malware by querying which processes are running at an abnormal rate within your network, which one has a unique hash value, and to which machines the process has proliferated

NIST Cybersecurity Framework Alignment

EnCase Analytics can assist in aligning with the Detect function of the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

DETECT: Anomalies and Events. Anomalous activity is detected in a timely manner and the potential impact of events is understood.
- Data is aggregated and correlated
- Baseline is established and managed
- Events are analyzed for targets and methods
- Impact is determined
- Incident thresholds are established

DETECT: Continuous Monitoring. Information systems and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.
- The network is monitored to detect threats
- Personnel activity is monitored to detect potential cybersecurity events
- Malicious code is detected
- External service provider activity is monitored to detect potential cybersecurity events

How it Works

1) Fast Collection
- Collection engine extracts volatile data from all endpoints
- Uses the enterprise-proven servlet deployed on 20 million endpoints
- Endpoint data is stored in a staging database

2) Processing & Aggregation
- Data is transformed and loaded into the analytics database
- Pre-built or custom-built queries are created against the analytics database

3) Secure Analysis through Visualization
- Results are presented through interactive visualizations
- Perform threat hunting using the visualizations, validating anomalies that are indicative of threats
- Reports can be shared with non-technical stakeholders

Easy Customization

Built with an extensible architecture, EnCase Analytics allows for customization at multiple levels:

- Data model layer: An open data model allows customization of the analytics database to extract and maintain the information needed for specific queries and use cases
- Query engine layer: A multi-dimensional query engine allows ad-hoc slicing and dicing and drill-downs on any level of detail retrieved from endpoints, so that security analysts can identify and research anomalies in relationships of data previously considered uncorrelated
- Visualization layer: In addition to having access to multiple pre-built visualizations of different endpoint data and trends, security analysts can create their own custom visualizations to depict, in an intuitive fashion, relationships between the security data points important to their security posture

Get Guidance

Leverage the expertise of our Advisory Consultants to take full advantage of your EnCase Analytics deployment. Our team of experts can help you with:

- Installation
- Integration with other systems
- Dashboard augmentation
- Report customization
- Training

"Guidance Software has differentiated itself by providing not only an application designed to expose security risks, but, more importantly, analytics that can be queried in a multitude of ways so businesses can find their own needles in their endpoint haystacks, for uses above and beyond security."
- Javvad Malik, Senior Analyst, Enterprise Security Practice, 451 Research

Flexible Integration

To produce a comprehensive picture of potential security threats within the enterprise, EnCase Analytics can not only collect data from any endpoint in the enterprise, but can also integrate data from third-party security tools such as SIEM technologies, threat intelligence feeds, whitelisting or blacklisting sources, and more. As a result, EnCase Analytics provides even deeper insights into previously unknown security risks and potential threats before they have a chance to do serious damage to the enterprise.

Become Proactive Threat Hunters

The time has come to transform our organizations from prey into proactive threat hunters. Security teams like yours need visibility into activity across corporate endpoints, as well as the ability to forensically investigate anomalies and threats. Baselining and finding anomalies with EnCase Analytics helps you focus only on actual threats to sensitive information. Then EnCase Cybersecurity can help determine the fastest path to stopping and remediating those threats as swiftly as possible.

Example Use Case: Reveal APT Attacks

Step 1: Investigate network connections to geographic locations
- Visualization: Chart of the network connections initiated by enterprise-wide endpoints, categorized by connection destination (pie charts) and the number of connections per process (bubble chart).
- Detected Anomaly: Communications with China

Step 2: Determine unusual processes with connections to China
- Visualization: Chart showing the machine, user, and processes connecting to China.
- Detected Anomaly: Although the browsers chrome.exe, firefox.exe and iexplorer.exe seem ordinary, the ntoskml.exe service with the FilePath \windows\system32 seems problematic.

Step 3: Respond and Remediate with EnCase Cybersecurity
1. Test the hash to determine if it is malware
2. Determine whether sensitive data is located on that machine
3. Find out whether the account has been compromised or a policy violation exists
4. Remediate the affected endpoints
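The queries behind the two use cases and the three-step APT example above, written out as an added illustration that is not part of the datasheet or of any Guidance Software product: fleet prevalence per hash, process names one or two edits away from a well-known system binary (ntoskml.exe beside ntoskrnl.exe), connections grouped by destination country, and admin-initiated processes by domain. The snapshot rows, shortened hash values, host names and the list of known system binaries are constructed for the example.

```python
from collections import Counter, defaultdict, namedtuple

Row = namedtuple("Row", "host domain user process path sha256 dest_country")
# Constructed rows standing in for one endpoint snapshot collection (sha256 values are placeholders).
SNAPSHOT = [
    Row("ws01", "corp", "alice", "chrome.exe", r"c:\program files\google\chrome", "aa11", "US"),
    Row("ws02", "corp", "bob", "chrome.exe", r"c:\program files\google\chrome", "aa11", "US"),
    Row("ws03", "corp", "carol", "firefox.exe", r"c:\program files\mozilla firefox", "bb22", "US"),
    Row("ws04", "corp", "dave", "firefox.exe", r"c:\program files\mozilla firefox", "bb22", "DE"),
    Row("ws05", "corp", "Administrator", "ntoskml.exe", r"\windows\system32", "dd44", "CN"),
    Row("srv01", "corp", "svc_backup", "svchost.exe", r"\windows\system32", "ee55", None),
    Row("srv02", "lab", "Administrator", "svchost.exe", r"\windows\system32", "ee55", None),
]
KNOWN_SYSTEM_BINARIES = {"ntoskrnl.exe", "svchost.exe", "lsass.exe", "csrss.exe"}  # assumed list

def hosts_per_hash(rows):
    """Fleet prevalence: sha256 -> set of hosts on which that binary was observed."""
    seen = defaultdict(set)
    for r in rows:
        seen[r.sha256].add(r.host)
    return seen

def unique_hash_processes(rows):
    """Binaries seen on exactly one host (the 'unique hash value' query from the use case)."""
    prevalence = hosts_per_hash(rows)
    return sorted({(r.process, r.sha256) for r in rows if len(prevalence[r.sha256]) == 1})

def edit_distance(a, b):
    """Levenshtein distance; small values catch near-miss names of system binaries."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_system_names(rows, known=KNOWN_SYSTEM_BINARIES, max_dist=2):
    """Process names within max_dist edits of a known system binary, but not equal to it."""
    hits = {(r.process, k, r.path) for r in rows if r.process not in known
            for k in known if edit_distance(r.process, k) <= max_dist}
    return sorted(hits)

def connections_by_country(rows):
    """Step 1: per destination country, how many connections each process initiated."""
    by_country = defaultdict(Counter)
    for r in rows:
        if r.dest_country:
            by_country[r.dest_country][r.process] += 1
    return by_country

def off_baseline_connections(rows, baseline_countries):
    """Step 2: rows whose destination lies outside the analyst-approved baseline."""
    return [r for r in rows if r.dest_country and r.dest_country not in baseline_countries]

def admin_processes_by_domain(rows, admin_accounts):
    """Access-policy use case: processes started by admin accounts, grouped by domain."""
    out = defaultdict(list)
    for r in rows:
        if r.user in admin_accounts:
            out[r.domain].append((r.host, r.user, r.process))
    return out
```

A hit from any single query is a lead to validate (rare is not the same as malicious); the APT walkthrough above only becomes convincing when the geographic, prevalence and name-lookalike views all point at the same host and process.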

www.encase.com

Our Customers

Guidance Software's customers are corporations and government agencies in a wide variety of industries, such as financial and insurance services, technology, defense contracting, pharmaceutical, manufacturing and retail. Representative customers include Allstate, Chevron, FBI, Ford, General Electric, Honeywell, NATO, Northrop Grumman, Pfizer, SEC, UnitedHealth Group and Viacom.

About Guidance Software (NASDAQ: GUID)

Guidance Software is recognized worldwide as the industry leader in digital investigative solutions. Its EnCase Enterprise platform is used by numerous government agencies, more than 65 percent of the Fortune 100, and more than 40 percent of the Fortune 500, to conduct digital investigations of servers, laptops, desktops and mobile devices. Built on the EnCase Enterprise platform are market-leading electronic discovery and cyber security solutions, EnCase ediscovery, EnCase Cybersecurity, and EnCase Analytics, which empower organizations to respond to litigation discovery requests, perform sensitive data discovery for compliance purposes, conduct speedy and thorough security incident response, and reveal previously hidden advanced persistent threats or malicious insider activity. For more information about Guidance Software, visit www.encase.com.

EnCase, EnScript, FastBloc, EnCE, EnCEP, Guidance Software and Tableau are registered trademarks or trademarks owned by Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other trademarks and copyrights referenced in this press release are the property of their respective owners.