cyber security event

Upload: ashleigh-auld

Post on 14-Aug-2015

TRANSCRIPT

© Voodoo Technology Ltd

CYBER SECURITY EVERYTHING YOU NEED TO KNOW


2015

DATA-CENTRIC CYBER SOLUTIONS

Voodoo Technology Limited

Paul Scully, Director of Global Sales

CYBER SECURITY: The Market Need

SOURCE: ISACA CYBER CSX REPORT

• Cybersecurity is a top global concern. 82% of enterprises expect to experience a cyber incident in 2015

• More than 35% are unable to fill open cybersecurity positions

• 69% say certification is required for cybersecurity jobs

• 33% say qualified candidates have hands-on experience

• 46% say technical skills are needed

• There is a cybersecurity skills crisis: 1 million unfilled jobs (source: Cisco)

The research is clear. Cybersecurity has evolved from a critical topic into a public safety issue.

CYBER SECURITY: What We Do

Integrated, automated and sustainable security and compliance.

DATA LIFECYCLE

• Understand and prepare

• Discover & classify

• Investigate and respond

CYBER SECURITY SOLUTIONS

• Fill compliance gaps

• Improve protection of sensitive data

• Strengthen overall security posture

COMPLIANCE AND RISK MANAGEMENT

• Comply with regulations

• Improve data governance

• Establish a security baseline

Automate & Operationalise

CYBER SECURITY: Aligned with Business Needs

Strategy

• Security is a business priority aligned with the enterprise’s goals

• Focus on innovation

• Respond proactively to major changes to the threat landscape

Technology

• Embrace new and disruptive security technologies as part of the strategy

Governance

• Open communications with CEOs and corporate boards

CYBER SECURITY: who we do it for

VOODOOTEC


Any Questions?

Data-Centric Cyber Solutions

SECURE ISLANDS


Information Protection for the Borderless Enterprise

Chris Rees, UK Regional Sales Manager

Secure Islands at a Glance

• Leader in Information Protection & Control (IPC)

• Introduced IQProtector™ in 2010

• Offices in US, UK, Germany, Switzerland, Israel

• Strategic OEM agreement with HP

• Patented, field-proven technology

Select Customers

Global 500 companies

• Financial

• Legal

• Manufacturing

• Retail

• Energy

• Telecommunications

The threat vectors

• Cyber Attacks

• Partners / Offshore & Cloud Providers

• Privileged Users

• The Insider Threat

• Users & Devices

• Applications

• Storage

AS SOON AS A DOCUMENT IS CREATED – IT IS EXPOSED


The Perimeter is Gone and No Longer Provides Protection



The Perimeter is Gone and Can No Longer Be Protected

Data Immunization At The Point of Creation Makes the Threat Irrelevant

What is Active Data Immunization?

Into the Data, At The Point of Creation

• Policy

• Classification & Tagging

• Encryption

• Permission

• Usage Tracking

Immunize files upon creation from any source

• Data generated by Apps & web

• Data used on devices in Office & mail apps

• Data stored & shared on/off premise

• Data used & at rest on repositories

100% Accurate classification – upon creation

DETERMINISTIC CLASSIFICATION & PROTECTION BASED ON SOURCE, CONTEXT AND CONTENT

• Data generated by Apps & web

• Data used on devices in Office & mail apps

• Data stored & shared via the Cloud

• Data used & at rest on repositories

Data classification examples

Intercept Files At the Source, Upon Creation

Slide diagram: example files intercepted at creation, namely a Financial Report from SAP (Finance Advisor), a Salesforce Report, and files copied to the M&A folder in SharePoint Online; they are tagged M&A, Customer Info and Finance and labelled Confidential or Top Secret, with Customers’ ID Patterns shown as a content-based rule.
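The source/context/content rules the slide illustrates, as an added Python example (not Secure Islands or IQProtector code). The mapping is assumed for illustration: SAP and Salesforce exports become Confidential with Finance or Customer Info tags, anything landing in the M&A folder becomes Top Secret, a constructed CUST-nnnnnn customer-ID pattern is the content rule, and the highest label wins when several rules fire.

```python
import re
from dataclasses import dataclass

# Higher-ranked labels win when several rules fire on one file.
LABEL_RANK = {"Public": 0, "Confidential": 1, "Top Secret": 2}

# Content rule: a constructed customer-ID format assumed for this example.
CUSTOMER_ID_RE = re.compile(r"\bCUST-\d{6}\b")


@dataclass
class FileEvent:
    source_app: str   # application that produced the file (source)
    path: str         # where the file is being written (context)
    content: str      # extracted text (content)


def classify(ev: FileEvent) -> tuple[str, set[str]]:
    """Deterministic classification at the point of creation.

    Source and context rules use metadata the interceptor already has, so
    they cannot misfire; the content rule is a pattern match and is the
    only place a false positive can creep in.
    """
    label, tags = "Public", set()

    def raise_to(new_label: str, tag: str) -> None:
        nonlocal label
        tags.add(tag)
        if LABEL_RANK[new_label] > LABEL_RANK[label]:
            label = new_label

    app = ev.source_app.lower()
    if app == "sap":                       # assumed: SAP reports are Finance data
        raise_to("Confidential", "Finance")
    if app == "salesforce":                # assumed: Salesforce exports hold customer info
        raise_to("Confidential", "Customer Info")
    if "/m&a/" in ev.path.lower():         # assumed: M&A folder in SharePoint Online
        raise_to("Top Secret", "M&A")
    if CUSTOMER_ID_RE.search(ev.content):  # customers' ID patterns in the text
        raise_to("Confidential", "Customer Info")
    return label, tags


if __name__ == "__main__":
    # Constructed events mirroring the slide's examples.
    for ev in (FileEvent("SAP", "/users/fa/q2-report.xlsx", "Q2 revenue"),
               FileEvent("Word", "/sites/M&A/target-deck.pptx", "synergies"),
               FileEvent("Salesforce", "/exports/accounts.csv", "ACME CUST-004211")):
        print(ev.path, "->", classify(ev))
```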


Encrypt all file types

• Enhance Microsoft RMS

• Encrypt ALL file types

• Use encrypted file in its native app

• Enforce usage-rights when using the file

Seamless use & enforcement of usage rights for any file on any app

Secure Collaboration

• Collaborate securely using encrypted data

• Collaborate securely using encrypted communications

• Fully audited & controlled data decryption, if required

Simple & secure collaboration – with anyone and on any device

IQProtector™ Solution Components

• DATA INTERCEPTORS

• APPS & CLOUD INTERCEPTORS

• DATA SCANNERS & BRIDGE

• MANAGEMENT SERVER & CONSOLE

• IQPROTECTOR FOR ENDPOINT, SERVER, MOBILE

To Summarize

1. Create: Deterministic classification & protection at the source

2. Consume: Enforce usage rights of all file formats, on native apps

3. Collaborate: Securely, between peers, partners & applications

4. Storage: Without affecting IT processes

5. Archive: Enriching data management, retention & search

Immunize your data from the point of creation, throughout its entire lifecycle

www.secureislands.com


Nuix Incident Response

Explore the big picture to respond faster

COPYRIGHT NUIX 2015, 13 May 2015

Why are we here? It’s complicated!

Why is Nuix different?

The patented Nuix Engine is a technological leap ahead of other vendors. It offers:

• Massively parallel processing – faster than any other technology

• Forensic precision – more files processed, none left behind

• Complex containers – transparency into the formats where enterprises store most of their human-generated data

This allows you to gain fast, pinpoint-accurate identification and investigation of any data.

Systems and methods for load-balancing by secondary processors in parallel document indexing, Sitsky & Sheehy, US Patent 8,359,365 B2

Nuix Incident Response: Summary

• Advanced technology, unmatched scalability and deep experience in cybersecurity and investigations

– We can change the way organizations tackle cybersecurity incidents.

– We can reduce the gap between incident detection & remediation.

– We can provide deep and rapid insights into the scope of a breach and the path to resolution.

– We can build and apply intelligence.

– We can train and empower your cybersecurity and investigation teams.

– We can evolve to meet new challenges.

Data => Information => Intelligence

Extract text and metadata from 100s of different file types

Email & Loose Files

Microsoft:
• EDB, STM, EWS (Microsoft Exchange)
• PST, OST (Microsoft Outlook storage files)
• MSG (Microsoft Outlook single mail files)

Lotus:
• NSF (Lotus Notes / Domino)

Misc. Other:
• MBOX, DBX, MBX (Microsoft Outlook Express)
• EML, EMLX, BOX, SML
• Webmail – HTML scraped from browser cache

Document Types:
• HTML, Plain text, RTF, PDF
• DOCX, DOC, DOT (Microsoft Word)
• XLSX, XLS, XLT (Microsoft Excel)
• PPTX, PPT, POT, PPS (Microsoft PowerPoint)
• WKS, XLR (Microsoft Works spreadsheets)

Image Types:
• PNG, JPEG, JP2, TIFF, GIF, BMP, PBM, PPM, PGM, RAW, WBMP, WMF, WMZ, EMF, EMZ

Incident Response

Forensic Image Files:
• EnCase Images (E01, L01)
• AccessData (AD1)
• Linux DD Files
• Mobile Images (Cellebrite / XRY / Oxygen)

Log Files:
• Windows Event Logs (EVT/EVTX)
• Web Logs (IIS, Apache)
• Firewall & FTP Logs
• Logstash Output

Network Captures:
• PCAP Files

System Files:
• EXE/DLLs
• LNK, Prefetch & Jump List Files
• Windows Registry Hives inc. decoding

File System Artifacts:
• $LogFile, $UsnJrnl, Object ID
• Apple property lists
• Carving from unallocated & file slack

Fuzzy Hashing – SSDeep

Misc.

Structured Data:
• MS SQL (Live & MDF/LDF are text stripped)
• SQLite

Browser & Cloud Artifacts:
• IE, Safari, Chrome, Firefox
• Dropbox, AWS

Container Files:
• ZIP, RAR, LZH, LHA, ARC, TAR, GZ, BZ2, ISO

Virtual Machine Images:
• VDK, VMDK (Virtual Disk Images)
• Parallels

Archive Systems:
• EMC EmailXtender (*.emx) / SourceOne
• Symantec 2007, 8, 9, 10
• HP EAS

DMS Systems:
• MS SharePoint

Unknown File Types:
• Unknown file types are text stripped.

Search, Discovery and Analytics

Incident Response Demands

• Insider Threat is costly and damaging to any organization and is often overlooked

– One-third of cybercrime incidents involve insiders*

– Nearly 50% of organizations say insider breaches are more damaging than those by outsiders*

– 71% of employees say they can access data they should not see**

• 50% of employees take some form of data when they switch companies

– 43% of organizations say they cannot track user privilege escalation or anomalous access behavior***

– Average cost of a breach is around $3.5 million*

• Organizations with business continuity management, a strong security posture and an incident response plan with a CISO reduced the cost of breaches substantially*

REMEMBER – AN EXTERNAL ACTOR BECOMES AN INSIDER!

* CERT Program at Carnegie Mellon University, 2014 US State of Cybercrime Survey

** Ponemon Institute, Corporate Data: A Protected Asset or a Ticking Time Bomb?

*** Courion, IT Security Executive Survey, Access Risk Attitudes

Nuix Incident Response – Overview


Enterprise Capable Collection

Includes enterprise-capable logical collections, volatile data capture and visualization to allow investigators to capture wide and maintain control.

Deep Log File Support

Powerful Filtering and Searching

Combine Intelligence – Context and GeoIP

Find A Thread… And Pull It!

• SQLi – identified as a “Notable Log Entry” by Context

• Timeline automatically finds artifacts across other evidence items


Deep File System Analysis

Case Study

Product Use Case

• Client traditionally used EnCase and GREP, hugely sceptical about Nuix in a data breach scenario

• Nuix ingested over 10 million items (8.4 million Apache logs) in 104 minutes (18.4 million log entries, results inside 5 minutes)

• Post processing only took 3 minutes to discover:

– SQLi

– Directory traversal

– Uploads of shell scripts

– Clear text card numbers

– IPs responsible for the attack

• Achieved using 8 cores and 28 GB RAM from a single RAID 5 disk
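Post-processing of the kind the case study describes, as an added Python example that is not Nuix code: it runs over constructed Apache access-log lines (documentation-range IPs), flags SQLi, directory traversal, shell-script upload and clear-text card numbers, Luhn-checks the latter so a random long number is not reported as a card, and groups the hits by the IP responsible. The detection patterns are deliberately small and are assumptions for illustration, not a production rule set.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed Apache access-log lines standing in for the 8.4 million the case study ingested.
SAMPLE_LOG = """\
203.0.113.7 - - [13/May/2015:10:01:02 +0000] "GET /products.php?id=1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [13/May/2015:10:01:09 +0000] "GET /download.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1830 "-" "Mozilla/5.0"
203.0.113.7 - - [13/May/2015:10:02:41 +0000] "POST /upload.php?name=cmd.php HTTP/1.1" 200 22 "-" "Mozilla/5.0"
198.51.100.9 - - [13/May/2015:10:03:00 +0000] "GET /checkout?card=4111111111111111 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.9 - - [13/May/2015:10:03:05 +0000] "GET /index.html HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"\S+ (?P<url>\S+) [^"]*" \d{3}')

# Detection rules, applied to the URL-decoded path and query (assumed minimal patterns).
RULES = {
    "SQLi": re.compile(r"(union\s+select|'\s*or\s+\d+\s*=\s*\d+|--\s*$)", re.I),
    "Directory traversal": re.compile(r"\.\.[\\/]"),
    "Shell-script upload": re.compile(r"[?&]\w+=[^&]*\.(php|jsp|asp|sh)\b", re.I),
}
CARD_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    # Luhn checksum: doubles every second digit from the right, folds >9 to one digit.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def notable_hits(line: str):
    """Return (source_ip, [categories]) for a notable entry, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = unquote(m["url"])  # decode %27, %2F and friends before matching
    hits = [name for name, rx in RULES.items() if rx.search(url)]
    if any(luhn_ok(c) for c in CARD_RE.findall(url)):
        hits.append("Clear-text card number")
    return (m["ip"], hits) if hits else None


def triage(log_text: str) -> dict:
    # Group notable-entry categories by the IP responsible.
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        hit = notable_hits(line)
        if hit:
            by_ip[hit[0]].update(hit[1])
    return dict(by_ip)
```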


Nuix Incident Response – Find Out More


Events, Training and Thought Leadership Content

• Fact Sheet: Nuix Incident Response

• Brochure: Nuix Cybersecurity

• Whitepapers:

– The Good Shepherd Model for Cybersecurity

– One Window into Your Investigations

– Intelligence, Collaboration and Analytics for Digital Investigations

• Nuix Unstructured Blog, Nuix Bytes Videos

• Nuix Fundamentals Cybersecurity Training

• Hack It & Track It Training

• Quarterly Threat Briefings

• Conference Presentations

FIND OUT MORE:

nuix.com/blog

facebook.com/nuixsoftware

linkedin.com/company/nuix

twitter.com/nuix

youtube.com/nuixsoftware

nuix.com

Thank You

Q&A