cyber security event
TRANSCRIPT
© Voodoo Technology Ltd
2015
DATA-CENTRIC CYBER SOLUTIONS
Voodoo Technology Limited
Paul Scully, Director of Global Sales
CYBER SECURITY: The Market Need
SOURCE: ISACA CYBER CSX REPORT
• Cybersecurity is a top global concern. 82% of enterprises expect to experience a cyber incident in 2015
• More than 35% are unable to fill open cybersecurity positions
• 69% say certification is required for cybersecurity jobs
• 33% say qualified candidates have hands-on experience
• 46% say technical skills are needed
• There is a cybersecurity skills crisis: 1 million unfilled jobs (source: Cisco)
The research is clear. Cybersecurity has evolved from a critical topic into a public safety issue.
CYBER SECURITY: What We Do
Integrated, automated and sustainable security and compliance.
DATA LIFECYCLE
- Understand and prepare
- Discover & classify
- Investigate and respond
CYBER SECURITY SOLUTIONS
- Fill compliance gaps
- Improve protection of sensitive data
- Strengthen overall security posture
COMPLIANCE AND RISK MANAGEMENT
- Comply with regulations
- Improve data governance
- Establish a security baseline
Automate & Operationalise
CYBER SECURITY: Aligned with Business Needs
Strategy
Security is a business priority aligned with the enterprise's goals. Focus on innovation; respond proactively to major changes to the threat landscape.
Technology
Embrace new and disruptive security technologies as part of the strategy.
Governance
Open communications with CEOs and corporate boards.
Information Protection for the Borderless Enterprise
Chris Rees, UK Regional Sales Manager
Secure Islands at a Glance
• Leader in Information Protection & Control (IPC)
• Introduced IQProtector™ in 2010
• Offices in US, UK, Germany, Switzerland, Israel
• Strategic OEM agreement with HP
• Patented, field-proven technology
Select Customers
Global 500 companies
• Financial
• Legal
• Manufacturing
• Retail
• Energy
• Telecommunications
The threat vectors
Cyber Attacks
Partners / Offshore & Cloud Providers
Privileged Users
The Insider Threat
Users & Devices
Applications
Storage
AS SOON AS A DOCUMENT IS CREATED – IT IS EXPOSED
The Perimeter is Gone and No Longer Provides Protection
The Perimeter is Gone and Can No Longer Be Protected
Data Immunization At The Point of Creation Makes the Threat Irrelevant
What is Active Data Immunization?
Into the Data, At The Point of Creation:
Policy
Classification & Tagging
Encryption
Permission
Usage Tracking
Immunize files upon creation from any source
Data generated by Apps & web
Data used on devices in Office & mail apps
Data stored & shared on/off premise
Data used & at rest on repositories
100% Accurate classification – upon creation
DETERMINISTIC CLASSIFICATION & PROTECTION BASED ON SOURCE, CONTEXT AND CONTENT
Data generated by Apps & web
Data used on devices in Office & mail apps
Data stored & shared via the Cloud
Data used & at rest on repositories
Data classification examples
Intercept Files At the Source, Upon Creation
Sources shown: Finance Advisor; Financial Report from SAP; Salesforce Report; Files copied to the M&A folder in SharePoint Online
Classification labels shown: M&A, Customer Info, Finance, Confidential, Top Secret, Customers' ID Patterns
Encrypt all file types
Enhance Microsoft RMS
Encrypt ALL file types
Use encrypted file in its native app
Enforce usage-rights when using the file
Seamless use & enforcement of usage rights for any file on any app
Secure Collaboration
Collaborate securely using encrypted data
Collaborate securely using encrypted communications
Fully audited & controlled data decryption, if required
Simple & secure collaboration – with anyone and on any device
IQProtector™ Solution Components
DATA INTERCEPTORS
APPS & CLOUD INTERCEPTORS
DATA SCANNERS & BRIDGE
MANAGEMENT SERVER & CONSOLE
IQPROTECTOR FOR ENDPOINT, SERVER, MOBILE
Immunize your data from the point of creation, throughout its entire lifecycle
1 Create – Deterministic classification & protection at the source
2 Consume – Enforce usage rights of all file formats, on native apps
3 Collaborate – Securely, between peers, partners & applications
4 Storage – Without affecting IT processes
5 Archive – Enriching data management, retention & search
Nuix Incident Response
Explore the big picture to respond faster
COPYRIGHT NUIX 2015, 13 May 2015
Why are we here? It's complicated!
Why is Nuix different?
The patented Nuix Engine is a technological leap ahead of other vendors. It offers:
• Massively parallel processing – faster than any other technology
• Forensic precision – more files processed, none left behind
• Complex containers – transparency into the formats where enterprises store most of their human-generated data
This allows you to gain fast, pinpoint-accurate identification and investigation of any data.
Patent: Systems and methods for load-balancing by secondary processors in parallel document indexing, Sitsky & Sheehy, US Patent 8,359,365 B2
Nuix Incident Response: Summary
• Advanced technology, unmatched scalability and deep experience in cybersecurity and investigations
– We can change the way organizations tackle cybersecurity incidents.
– We can reduce the gap between incident detection & remediation.
– We can provide deep and rapid insights into the scope of a breach and the path to resolution.
– We can build and apply intelligence.
– We can train and empower your cybersecurity and investigation teams.
– We can evolve to meet new challenges.
Data => Information => Intelligence
Extract text and metadata from 100s of different file types
Categories: Email & Loose Files; Incident Response; Misc.
Microsoft:
• EDB, STM, EWS (Microsoft Exchange)
• PST, OST (Microsoft Outlook storage files)
• MSG (Microsoft Outlook single mail files)
Lotus:
• NSF (Lotus Notes / Domino)
Misc. Other:
• MBOX, DBX, MBX (Microsoft Outlook Express)
• EML, EMLX, BOX, SML
• Webmail – HTML scraped from browser cache
Document Types:
• HTML, Plain text, RTF, PDF
• DOCX, DOC, DOT (Microsoft Word)
• XLSX, XLS, XLT (Microsoft Excel)
• PPTX, PPT, POT, PPS (Microsoft PowerPoint)
• WKS, XLR (Microsoft Works spreadsheets)
Image Types:
• PNG, JPEG, JP2, TIFF, GIF, BMP, PBM, PPM, PGM, RAW, WBMP, WMF, WMZ, EMF, EMZ
Forensic Image Files:
• EnCase Images (E01, L01)
• AccessData (AD1)
• Linux DD Files
• Mobile Images (Cellebrite / XRY / Oxygen)
Log Files:
• Windows Event Logs (EVT/EVTX)
• Web Logs (IIS, Apache)
• Firewall & FTP Logs
• Logstash Output
Network Captures:
• PCAP Files
System Files:
• EXE/DLLs
• LNK, Prefetch & Jump List Files
• Windows Registry Hives inc. decoding
File System Artifacts:
• $LogFile, $UsnJrnl, Object ID
• Apple property lists
• Carving from unallocated & file slack
Fuzzy Hashing – SSDeep
Structured Data:
• MS SQL (Live & MDF/LDF are text stripped)
• SQLite
Browser & Cloud Artifacts:
• IE, Safari, Chrome, Firefox
• Dropbox, AWS
Container Files:
• ZIP, RAR, LZH, LHA, ARC, TAR, GZ, BZ2, ISO
Virtual Machine Images:
• VDK, VMDK (Virtual Disk Images)
• Parallels
Archive Systems:
• EMC EmailXtender (*.emx) / SourceOne
• Symantec 2007, 8, 9, 10
• HP EAS
DMS Systems:
• MS SharePoint
Unknown File Types:
• Unknown file types are text stripped.
Search, Discovery and Analytics
Incident Response Demands
• Insider Threat is costly and damaging to any organization and is often overlooked
– One-third of cybercrime incidents involve insiders*
– Nearly 50% of organizations say insider breaches are more damaging than those by outsiders*
– 71% of employees say they can access data they should not see**
• 50% of employees take some form of data when they switch companies
– 43% of organizations say they cannot track user privilege escalation or anomalous access behavior***
– Average cost of a breach is around $3.5 million*
• Organizations with business continuity management, a strong security posture and an incident response plan with a CISO reduced the cost of breaches substantially*
REMEMBER – AN EXTERNAL ACTOR BECOMES AN INSIDER!
* CERT Program at Carnegie Mellon University, 2014 US State of Cybercrime Survey
** Ponemon Institute, Corporate Data: A Protected Asset or a Ticking Time Bomb?
*** Courion, IT Security Executive Survey, Access Risk Attitudes
Enterprise Capable Collection
Includes enterprise-capable logical collections, volatile data capture and visualization to allow investigators to capture widely and maintain control.
Deep Log File Support
Powerful Filtering and Searching
Combine Intelligence – Context and GeoIP
Find A Thread… And Pull It!
SQLi identified as a "Notable Log Entry" by Context; Timeline automatically finds artifacts across other evidence items.
Deep File System Analysis
Product Use Case
• Client traditionally used EnCase and grep, hugely sceptical about Nuix in a data breach scenario
• Nuix ingested over 10 million items (8.4 million Apache logs) in 104 minutes (18.4 million log entries, results inside 5 minutes)
• Post processing only took 3 minutes to discover:
– SQLi
– Directory traversal
– Uploads of shell scripts
– Clear-text card numbers
– IPs responsible for the attack
• Achieved using 8 cores and 28 GB RAM from a single RAID 5 disk
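The use case above, and the earlier "Find A Thread… And Pull It!" slide, describe post-processing web server logs to surface SQL injection, directory traversal, shell-script uploads, clear-text card numbers and the source IPs behind them, then pivoting from one notable entry to everything else that source did. The script below is an added example of that kind of triage, written for this transcript; it is not Nuix code, nor the rules the Nuix engine applies. It parses a handful of constructed Apache combined-format lines (documentation IP ranges, no real traffic), applies simple pattern rules to the URL-decoded request path, Luhn-checks long digit runs so that order numbers and timestamps are not reported as card numbers, and pivots on a flagged IP to pull all of its requests. The names SAMPLE_LOG, triage, classify, attacker_ips, pivot and luhn_ok are mine.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed Apache combined-format log lines (documentation IP ranges, no real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [13/May/2015:10:01:02 +0000] "GET /products.php?id=1%27%20OR%201%3D1-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [13/May/2015:10:01:09 +0000] "GET /download.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [13/May/2015:10:02:15 +0000] "POST /upload.php?name=cmd.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
198.51.100.9 - - [13/May/2015:10:03:20 +0000] "GET /checkout?card=4111111111111111 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
192.0.2.55 - - [13/May/2015:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Apache combined log format: ip ident user [time] "method path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Illustrative detection rules (hypothetical, not a vendor rule set), run on the decoded path.
SQLI_RE = re.compile(r"'\s*(?:or|and)\s+\d+\s*=\s*\d+|union\s+select|;\s*(?:drop|delete|insert)\b", re.I)
TRAVERSAL_RE = re.compile(r"\.\./|\.\.\\")
SCRIPT_FILE_RE = re.compile(r"[=/&?][\w-]+\.(?:php|jsp|aspx?|sh|pl|cgi)\b", re.I)
DIGIT_RUN_RE = re.compile(r"\d{13,19}")

ATTACK_CATEGORIES = {"sqli", "traversal", "shell_upload"}


def luhn_ok(digits):
    """Luhn checksum, used to drop random digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(method, decoded_path):
    """Return the finding categories that apply to one request."""
    cats = []
    if SQLI_RE.search(decoded_path):
        cats.append("sqli")
    if TRAVERSAL_RE.search(decoded_path):
        cats.append("traversal")
    if method == "POST" and SCRIPT_FILE_RE.search(decoded_path):
        cats.append("shell_upload")
    if any(luhn_ok(run) for run in DIGIT_RUN_RE.findall(decoded_path)):
        cats.append("card_number")  # data-exposure finding, not an attack by itself
    return cats


def parse(log_text):
    """Yield (ip, timestamp, method, decoded_path) for every well-formed line."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["ts"], m["method"], unquote(m["path"])


def triage(log_text):
    """Post-process a log: list of (category, ip, ts, path) plus the categories seen per IP."""
    findings, per_ip = [], defaultdict(set)
    for ip, ts, method, path in parse(log_text):
        for cat in classify(method, path):
            findings.append((cat, ip, ts, path))
            per_ip[ip].add(cat)
    return findings, dict(per_ip)


def attacker_ips(per_ip):
    """IPs with at least one attack-class finding; a card number alone does not qualify."""
    return sorted(ip for ip, cats in per_ip.items() if cats & ATTACK_CATEGORIES)


def pivot(log_text, ip):
    """Pull the thread: every request made by one flagged IP, in log order."""
    return [(ts, method, path) for src, ts, method, path in parse(log_text) if src == ip]


if __name__ == "__main__":
    findings, per_ip = triage(SAMPLE_LOG)
    for cat, ip, ts, path in findings:
        print(f"{cat:12} {ip:14} {ts} {path}")
    for ip in attacker_ips(per_ip):
        print(f"\nActivity from {ip}:")
        for ts, method, path in pivot(SAMPLE_LOG, ip):
            print(f"  {ts} {method} {path}")
```

On the constructed input, 203.0.113.7 is reported for SQLi, traversal and a shell-script upload, 198.51.100.9 only for a card number in a request, and 192.0.2.55 is not reported at all. Keeping the card-number category out of the attacker list is deliberate: it is a data-handling finding that needs a different response (notify the application owner, check whether card data is being logged) rather than an indicator of the source being hostile.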
Events, Training and Thought Leadership Content
• Fact Sheet: Nuix Incident Response
• Brochure: Nuix Cybersecurity
• Whitepapers:
– The Good Shepherd Model for Cybersecurity
– One Window into Your Investigations
– Intelligence, Collaboration and Analytics for Digital Investigations
• Nuix Unstructured Blog, Nuix Bytes Videos
• Nuix Fundamentals Cybersecurity Training
• Hack It & Track It Training
• Quarterly Threat Briefings
• Conference Presentations
FIND OUT MORE:
nuix.com/blog
facebook.com/nuixsoftware
linkedin.com/company/nuix
twitter.com/nuix
youtube.com/nuixsoftware
nuix.com