2. © Voodoo Technology Ltd
2015
DATA-CENTRIC CYBER SOLUTIONS
Voodoo Technology Limited
Paul Scully, Director of Global Sales
3.
CYBER SECURITY: The Market Need
SOURCE: ISACA CYBER CSX REPORT
• Cybersecurity is a top global concern. 82% of enterprises expect to experience a
cyber incident in 2015
• More than 35% are unable to fill open cybersecurity positions
• 69% say certification is required for cybersecurity jobs
• 33% say qualified candidates have hands-on experience
• 46% say technical skills are needed
• There is a cybersecurity skills crisis: 1 million unfilled jobs
(source: Cisco)
The research is clear: cybersecurity has evolved from a critical topic into a public safety issue.
4.
CYBER SECURITY: What We Do
Integrated, automated and sustainable security and compliance.
DATA LIFECYCLE
- Understand and prepare
- Discover & classify
- Investigate and respond
CYBER SECURITY SOLUTIONS
- Fill compliance gaps
- Improve protection of sensitive data
- Strengthen overall security posture
COMPLIANCE AND RISK MANAGEMENT
- Comply with regulations
- Improve data governance
- Establish a security baseline
Automate & Operationalise
5.
CYBER SECURITY: Aligned with Business Needs
Strategy: Security is a business priority aligned with the enterprise’s goals
Focus on innovation: Respond proactively to major changes to the threat landscape
Technology: Embrace new and disruptive security technologies as part of the strategy
Governance: Open communications with CEOs and corporate boards
9.
Information Protection
for the Borderless Enterprise
Chris Rees
UK Regional Sales Manager
10.
Secure Islands at a Glance
• Leader in Information Protection & Control (IPC)
• Introduced IQProtector™ in 2010
• Offices in US, UK, Germany, Switzerland, Israel
• Strategic OEM agreement with HP
• Patented, field-proven technology
11.
Select Customers
Global 500 companies
• Financial
• Legal
• Manufacturing
• Retail
• Energy
• Telecommunications
12.
The threat vectors
- Cyber Attacks
- Partners / Offshore & Cloud Providers
- Privileged Users
- The Insider Threat
- Users & Devices
- Applications
- Storage
AS SOON AS A DOCUMENT IS CREATED – IT IS EXPOSED
The Perimeter is Gone and No Longer Provides Protection
Data Immunization At The Point of Creation Makes the Threat Irrelevant
15.
What is Active Data Immunization?
Into the Data, At The Point of Creation:
- Policy
- Classification & Tagging
- Encryption
- Permission
- Usage Tracking
16.
Immunize files upon creation from any source
- Data generated by apps & web
- Data used on devices in Office & mail apps
- Data stored & shared on/off premise
- Data used & at rest on repositories
17.
100% Accurate classification – upon creation
DETERMINISTIC CLASSIFICATION & PROTECTION BASED ON SOURCE, CONTEXT AND CONTENT
- Data generated by apps & web
- Data used on devices in Office & mail apps
- Data stored & shared via the Cloud
- Data used & at rest on repositories
18.
Data classification examples
Intercept Files At the Source, Upon Creation
- Finance Advisor
- Financial Report from SAP
- Salesforce Report
- Files copied to the M&A folder in SharePoint Online
- Customers’ ID Patterns
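The deterministic source/context/content classification that slides 17 and 18 describe, as an added example that is not Secure Islands or IQProtector code. It evaluates every rule and lets the highest sensitivity win, so the label does not depend on rule order and a source-based rule still catches an SAP export whose text extraction came back empty. The rule set, the label ranks, the customer-ID format (CUST- plus eight digits), the protection table and the sample files are all constructed for illustration.

```python
"""Deterministic classification at the point of creation (added example)."""
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class NewFile:
    name: str
    source_app: str   # application that produced the file, e.g. "SAP"
    location: str     # destination path, e.g. a SharePoint Online library
    content: str      # extracted text; may be empty when extraction fails


# Sensitivity ranks: a higher rank is never overridden by a lower one.
LABELS = {"Internal": 1, "Confidential": 2, "Restricted": 3}


@dataclass(frozen=True)
class Rule:
    name: str
    signal: str                          # "source", "context" or "content"
    matches: Callable[[NewFile], bool]
    label: str


# Assumed customer-ID format for this example: "CUST-" followed by eight digits.
CUSTOMER_ID_RE = re.compile(r"\bCUST-\d{8}\b")


def _customer_id_count(f: NewFile) -> int:
    return len(CUSTOMER_ID_RE.findall(f.content))


RULES: List[Rule] = [
    Rule("financial report exported from SAP", "source",
         lambda f: f.source_app.lower() == "sap", "Confidential"),
    Rule("report exported from Salesforce", "source",
         lambda f: f.source_app.lower() == "salesforce", "Confidential"),
    Rule("copied into the M&A library", "context",
         lambda f: "/m&a/" in f.location.lower(), "Restricted"),
    Rule("contains customer IDs", "content",
         lambda f: _customer_id_count(f) >= 1, "Confidential"),
    Rule("bulk customer IDs", "content",
         lambda f: _customer_id_count(f) >= 10, "Restricted"),
]

# Protection bound to each label: whether to encrypt and which usage rights remain.
PROTECTION = {
    "Internal":     {"encrypt": False, "rights": {"view", "edit", "print", "copy"}},
    "Confidential": {"encrypt": True,  "rights": {"view", "edit", "print"}},
    "Restricted":   {"encrypt": True,  "rights": {"view"}},
}


def classify(f: NewFile) -> Tuple[str, List[str]]:
    """Return (label, names of the rules that fired).

    All rules are evaluated and the highest-ranked label wins, so the result is
    independent of rule order and reproducible from the same inputs later.
    A file matching no rule defaults to Internal.
    """
    hits = [r for r in RULES if r.matches(f)]
    if not hits:
        return "Internal", []
    label = max((r.label for r in hits), key=LABELS.__getitem__)
    return label, [r.name for r in hits]


def protect(f: NewFile) -> dict:
    """Classification plus the protection decision that travels with the file."""
    label, reasons = classify(f)
    p = PROTECTION[label]
    return {"file": f.name, "label": label, "encrypt": p["encrypt"],
            "rights": sorted(p["rights"]), "reasons": reasons}


# Constructed sample files.
SAMPLES = [
    NewFile("q1-pnl.xlsx", "SAP", "/finance/reports/", ""),   # empty text extraction
    NewFile("pipeline.csv", "Salesforce", "/sales/", "CUST-00012345,CUST-00012346"),
    NewFile("term-sheet.docx", "Word", "/sites/corp/M&A/project-x/", "draft"),
    NewFile("notes.txt", "Notepad", "/home/user/", "lunch at 12"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(protect(s))
```

The empty-content SAP export is the case worth noticing: a content-only scanner would label it Internal, while the source rule still marks it Confidential and encrypts it.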
19.
Encrypt all file types
- Enhance Microsoft RMS
- Encrypt ALL file types
- Use the encrypted file in its native app
- Enforce usage rights when using the file
Seamless use & enforcement of usage rights for any file on any app
20.
Secure Collaboration
- Collaborate securely using encrypted data
- Collaborate securely using encrypted communications
- Fully audited & controlled data decryption, if required
Simple & secure collaboration – with anyone and on any device
21.
IQProtector™ Solution Components
- DATA INTERCEPTORS
- APPS & CLOUD INTERCEPTORS
- DATA SCANNERS & BRIDGE
- MANAGEMENT SERVER & CONSOLE
- IQPROTECTOR FOR ENDPOINT, SERVER, MOBILE
23.
Immunize your data from the point of creation, throughout its entire lifecycle
- Step 1, Create: Deterministic classification & protection at the source
- Step 2, Consume: Enforce usage rights of all file formats on native apps
- Step 3, Collaborate: Securely, between peers, partners & applications
- Step 4, Storage: Without affecting IT processes
- Step 5, Archive: Enriching data management, retention & search
26.
Nuix Incident Response
Explore the big picture to respond faster
27. COPYRIGHT NUIX 2015, 13 May 2015
Why are we here? It’s complicated!
28.
Why is Nuix different?
The patented Nuix Engine is a technological leap ahead of other vendors. It offers:
• Massively parallel processing – faster than any other technology
• Forensic precision – more files processed, none left behind
• Complex containers – transparency into the formats where enterprises store most of their human-generated data
This allows you to gain fast, pinpoint-accurate identification and investigation of any data.
Systems and methods for load-balancing by secondary processors in parallel document indexing
Sitsky & Sheehy, US Patent 8,359,365 B2
29.
Nuix Incident Response: Summary
• Advanced technology, unmatched scalability and deep experience in
cybersecurity and investigations
– We can change the way organizations tackle cybersecurity incidents.
– We can reduce the gap between incident detection & remediation.
– We can provide deep and rapid insights into the scope of a breach and the
path to resolution.
– We can build and apply intelligence.
– We can train and empower your cybersecurity and investigation teams.
– We can evolve to meet new challenges.
30.
Data => Information => Intelligence
31.
Extract text and metadata from 100s of different file types
Email & Loose Files
Microsoft:
• EDB, STM, EWS (Microsoft Exchange)
• PST, OST (Microsoft Outlook storage files)
• MSG (Microsoft Outlook single mail files)
Lotus:
• NSF (Lotus Notes / Domino)
Misc. Other:
• MBOX, DBX, MBX (incl. Microsoft Outlook Express)
• EML, EMLX, BOX, SML
• Webmail – HTML scraped from browser cache
Document Types:
• HTML, Plain text, RTF, PDF
• DOCX, DOC, DOT (Microsoft Word)
• XLSX, XLS, XLT (Microsoft Excel)
• PPTX, PPT, POT, PPS (Microsoft PowerPoint)
• WKS, XLR (Microsoft Works spreadsheets)
Image Types:
• PNG, JPEG, JP2, TIFF, GIF, BMP, PBM, PPM, PGM, RAW, WBMP, WMF, WMZ, EMF, EMZ
Incident Response
Forensic Image Files:
• EnCase Images (E01, L01)
• AccessData (AD1)
• Linux DD Files
• Mobile Images (Cellebrite / XRY / Oxygen)
Log Files:
• Windows Event Logs (EVT/EVTX)
• Web Logs (IIS, Apache)
• Firewall & FTP Logs
• Logstash Output
Network Captures:
• PCAP Files
System Files:
• EXE/DLLs
• LNK, Prefetch & Jump List Files
• Windows Registry Hives inc. decoding
File System Artifacts:
• $LogFile, $UsnJrnl, Object ID
• Apple property lists
• Carving from unallocated & file slack
Fuzzy Hashing:
• ssdeep
Structured Data:
• MS SQL (Live & MDF/LDF are text stripped)
• SQLite
Browser & Cloud Artifacts:
• IE, Safari, Chrome, Firefox
• Dropbox, AWS
Misc.
Container Files:
• ZIP, RAR, LZH, LHA, ARC, TAR, GZ, BZ2, ISO
Virtual Machine Images:
• VDK, VMDK (Virtual Disk Images)
• Parallels
Archive Systems:
• EMC EmailXtender (*.emx) / SourceOne
• Symantec 2007, 8, 9, 10
• HP EAS
DMS Systems:
• MS SharePoint
Unknown File Types:
• Unknown file types are text stripped.
32.
Search, Discovery and Analytics
33.
Incident Response Demands
34.
Incident Response Demands
• Insider threat is costly and damaging to any organization, and is often overlooked
– One-third of cybercrime incidents involve insiders*
– Nearly 50% of organizations say insider breaches are more damaging than those by outsiders*
– 71% of employees say they can access data they should not see**
• 50% of employees take some form of data when they switch companies
– 43% of organizations say they cannot track user privilege escalation or anomalous access behavior***
– Average cost of a breach is around $3.5 million*
• Organizations with business continuity management, a strong security posture and an incident response plan with a CISO reduced the cost of breaches substantially*
REMEMBER – AN EXTERNAL ACTOR BECOMES AN INSIDER!
* CERT Program at Carnegie Mellon University, 2014 US State of Cybercrime Survey
** Ponemon Institute, Corporate Data: A Protected Asset or a Ticking Time Bomb?
*** Courion, IT Security Executive Survey, Access Risk Attitudes
36.
Enterprise Capable Collection
Includes enterprise-capable logical collections, volatile data capture and visualization, so investigators can capture widely and maintain control.
37.
Deep Log File Support
38.
Powerful Filtering and Searching
39.
Combine Intelligence – Context and GeoIP
40.
Find A Thread…..And Pull It!
- SQLi – identified as a “Notable Log Entry” by Context
- Timeline automatically finds artifacts across other evidence items
41.
Find A Thread…..And Pull It!
42.
Deep File System Analysis
44.
Product Use Case
• Client traditionally used EnCase and grep, and was hugely sceptical about Nuix in a data breach scenario
• Nuix ingested over 10 million items (8.4 million Apache logs) in 104 minutes (18.4 million log-entry results inside 5 minutes)
• Post-processing took only 3 minutes to discover:
– SQLi
– Directory traversal
– Uploads of shell scripts
– Clear-text card numbers
– IPs responsible for the attack
• Achieved using 8 cores and 28 GB RAM from a single RAID 5 disk
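The post-processing step in the use case above, as an added example that is not Nuix code: a Python triage over Apache combined-format access lines that flags SQL injection, directory traversal, a POST to an upload endpoint followed by a script executed from the upload directory, and Luhn-valid card numbers passed in URLs, then ranks the source IPs by how many suspicious requests they sent. The detection patterns, the endpoint names (/upload, /uploads/) and the log lines are constructed for illustration; the IPs are RFC 5737 documentation addresses.

```python
"""Triage of Apache access logs for breach indicators (added example, not Nuix code)."""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple
from urllib.parse import unquote_plus

# Apache "combined" format:
# host ident user [time] "method target proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

SQLI_RE = re.compile(
    r"\bunion\b\s+(all\s+)?select\b"          # UNION-based extraction
    r"|'\s*(or|and)\s+\S+\s*=\s*\S+"          # tautology after a closing quote
    r"|\b(sleep|benchmark)\s*\("              # time-based blind (MySQL)
    r"|\bwaitfor\s+delay\b",                  # time-based blind (MSSQL)
    re.I,
)
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
UPLOAD_ENDPOINT_RE = re.compile(r"^/(upload|api/upload)$", re.I)   # assumed endpoint
UPLOAD_DIR_RE = re.compile(r"^/(uploads?|files|media)/", re.I)     # assumed directories
SCRIPT_EXT_RE = re.compile(r"\.(php\d?|phtml|jsp|aspx?|cgi|sh)$", re.I)
# 13-19 digits, optionally separated by spaces or dashes, not part of a longer digit run.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_request(method: str, target: str) -> List[str]:
    """Tags for one request target; decoded twice so %25 double-encoding cannot hide '../'."""
    decoded = target
    for _ in range(2):
        decoded = unquote_plus(decoded)
    path = decoded.split("?", 1)[0]
    tags: List[str] = []
    if SQLI_RE.search(decoded):
        tags.append("sqli")
    if TRAVERSAL_RE.search(decoded):
        tags.append("traversal")
    if method == "POST" and UPLOAD_ENDPOINT_RE.match(path):
        tags.append("upload")
    if UPLOAD_DIR_RE.match(path) and SCRIPT_EXT_RE.search(path):
        tags.append("webshell")          # script executed from an upload directory
    if any(luhn_ok(re.sub(r"[ -]", "", m.group(0))) for m in PAN_RE.finditer(decoded)):
        tags.append("pan")               # clear-text card number in the URL
    return tags


def triage(lines: List[str]) -> Tuple[List[Tuple[str, List[str], str]], Dict[str, Dict[str, int]]]:
    """Return (findings, per-IP tag counts); each finding is (ip, tags, raw target)."""
    findings: List[Tuple[str, List[str], str]] = []
    per_ip: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # malformed or non-combined line: skip, never crash
        tags = classify_request(m["method"], m["target"])
        if tags:
            findings.append((m["ip"], tags, m["target"]))
            per_ip[m["ip"]].update(tags)
    return findings, {ip: dict(c) for ip, c in per_ip.items()}


def rank_sources(per_ip: Dict[str, Dict[str, int]]) -> List[Tuple[str, int]]:
    """Source IPs ordered by number of suspicious requests, most active first."""
    return sorted(((ip, sum(c.values())) for ip, c in per_ip.items()),
                  key=lambda x: (-x[1], x[0]))


# Constructed sample log lines.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/May/2015:10:01:12 +0100] "GET /products.php?id=1%27+OR+1%3D1-- HTTP/1.1" 200 5123 "-" "sqlmap/1.0"',
    '203.0.113.7 - - [13/May/2015:10:01:15 +0100] "GET /products.php?id=1+UNION+SELECT+user,pass+FROM+users HTTP/1.1" 200 7310 "-" "sqlmap/1.0"',
    '203.0.113.7 - - [13/May/2015:10:03:40 +0100] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1204 "-" "curl/7.38"',
    '203.0.113.7 - - [13/May/2015:10:05:02 +0100] "POST /upload HTTP/1.1" 302 0 "-" "curl/7.38"',
    '203.0.113.7 - - [13/May/2015:10:05:09 +0100] "GET /uploads/img.php?cmd=id HTTP/1.1" 200 88 "-" "curl/7.38"',
    '198.51.100.20 - - [13/May/2015:10:06:11 +0100] "GET /checkout?card=4111111111111111&exp=0517 HTTP/1.1" 200 420 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [13/May/2015:10:07:00 +0100] "GET /index.html HTTP/1.1" 200 3021 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found, by_ip = triage(SAMPLE_LOG)
    for ip, tags, target in found:
        print(f"{ip:15} {','.join(tags):18} {target}")
    print("attack sources:", rank_sources(by_ip))
```

Two design points matter in practice: decode the target before matching (a single decode misses `%252e%252e%252f`), and validate digit runs with Luhn rather than reporting every 16-digit number, otherwise timestamps and order IDs flood the card-number finding. Access logs only show URLs, so card numbers sent in request bodies need the application or proxy logs as well.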
46.
Events, Training and Thought Leadership Content
• Fact Sheet: Nuix Incident Response
• Brochure: Nuix Cybersecurity
• Whitepapers:
– The Good Shepherd Model for Cybersecurity
– One Window into Your Investigations
– Intelligence, Collaboration and Analytics for
Digital Investigations
• Nuix Unstructured Blog, Nuix Bytes Videos
• Nuix Fundamentals Cybersecurity Training
• Hack It & Track It Training
• Quarterly Threat Briefings
• Conference Presentations
47.
FIND OUT MORE:
nuix.com/blog
facebook.com/nuixsoftware
linkedin.com/company/nuix
twitter.com/nuix
youtube.com/nuixsoftware
nuix.com