Cyber security event

© Voodoo Technology Ltd
CYBER SECURITY
EVERYTHING YOU NEED TO KNOW

2015
DATA-CENTRIC CYBER SOLUTIONS
Voodoo Technology Limited
Paul Scully, Director of Global Sales

CYBER SECURITY: The Market Need
SOURCE: ISACA CYBER CSX REPORT
• Cybersecurity is a top global concern. 82% of enterprises expect to experience a
cyber incident in 2015
• More than 35% are unable to fill open cybersecurity positions
• 69% say certification is required for cybersecurity jobs
• 33% say qualified candidates have hands-on experience
• 46% say technical skills are needed
• There is a cybersecurity skills crisis: 1 million unfilled jobs
(source: Cisco)
The research is clear. Cybersecurity has evolved from critical topic into a public safety
issue

DATA LIFECYCLE
- Understand and prepare
- Discover & classify
- Investigate and respond
CYBER SECURITY SOLUTIONS
- Fill compliance gaps
- Improve protection of sensitive data
- Strengthen overall security posture
COMPLIANCE AND RISK MANAGEMENT
- Comply with regulations
- Improve data governance
- Establish a security baseline
CYBER SECURITY: What We Do
Integrated, automated and sustainable security and compliance.
Automate &
Operationalise

CYBER SECURITY:
Aligned with Business Needs
Strategy
 Security is a business
priority aligned with the
enterprise’s goals
 Focus on innovation
 Respond proactively to
major changes to the
threat landscape
Technology
 Embrace new and disruptive
security technologies as part
of the strategy
Governance
 Open communications with
CEOs and corporate boards

CYBER SECURITY: who we do it for
VOODOOTEC

Any Questions
• Data-Centric Cyber Solutions

SECURE ISLANDS

Information Protection
for the Borderless Enterprise
Chris Rees
UK Regional Sales Manager

Secure Islands at a Glance
• Leader in Information Protection & Control
(IPC)
• Introduced IQProtector™ in 2010
• Offices in US, UK, Germany, Switzerland, Israel
• Strategic OEM agreement with HP
• Patented, field-proven technology

Select Customers
Global 500 companies
• Financial
• Legal
• Manufacturing
• Retail
• Energy
• Telecommunications

The threat vectors
13
Cyber Attacks
Partners / OffshorePrivileged Users
& Cloud Providers
The Insider Threat
Users
& Devices
Applications Storage
AS SOON AS A DOCUMENT IS CREATED – IT IS EXPOSED

The threat vectors
14
Cyber Attacks
& Cloud Providers
The Insider Threat
Users
& Devices
The Perimeter is Gone and No Longer Provides Protection

The Perimeter is Gone & No Longer Provides Protection
The threat vectors
15
Cyber Attacks
& Cloud Providers
The Insider Threat
Users
& Devices
The Perimeter is Gone and Can No Longer Be Protected
Data Immunization
At The Point of Creation
Makes the Threat
Irrelevant

What is Active Data Immunization?
Into the Data
At The Point of Creation
Policy
Classification
& Tagging
Encryption
Permission
Usage
Tracking

Immunize files upon creation from any source
Data generated by
Apps & web
Data used on
devices in Office
& mail apps
Data stored &
shared on/off
premise
Data used &
at rest on
repositories

100% Accurate classification – upon creation
18
DETERMINISTIC CLASSIFICATION & PROTECTION BASED ON SOURCE, CONTEXT AND CONTENT
Data generated
by Apps & web
Data used on
devices
in Office & mail
apps
Data stored &
shared via the
Cloud
Data used &
at rest on
repositories

Data classification examples
19
Intercept Files At the Source, Upon Creation
Finance
Advisor
Financial Report
from SAP
Salesforce
Report
Files copied to the M&A
folder in Share Point Online
Customers’
ID
Patterns

Encrypt all file types
20
User
 Enhance Microsoft RMS
 Encrypt ALL file types
 Use encrypted file
in its native app
 Enforce usage-rights when
using the file
Seamless use & enforcement of usage rights for any file on any app

Secure Collaboration
21
User
 Collaborate securely using
encrypted data
 Collaborate securely using
encrypted communications
 Fully audited & controlled
data decryption, if required
Simple & secure collaboration – with anyone and on any device

IQProtector™ Solution
Components
DATA INTERCEPTORS
APPS & CLOUD
INTERCEPTORS
DATA SCANNERS &
BRIDGE
MANAGEMENT
SERVER & CONSOLE
IQPROTECTOR FOR
ENDPOINT
SERVER
MOBILE

To Summarize

© Voodoo Technology Ltd 24
Securely, Between peers, partners & applicationsCollaborat
e
3
Without affecting IT processesStorage4
Enriching data management retention & searchArchive5
Enforce usage rights of all file formats - on native appsConsume2
Deterministic classification & protection at the sourceCreate1
Immunize your data from the point of
creation, throughout its entire lifecycle

www.secureislands.com

Nuix Incident Response
Explore the big picture to respond faster
Nuix Incident Response
Explore the big picture to respond faster

© Voodoo Technology Ltd COPYRIGHT NUIX 2015 2813 May, 2015
Why are we here? It’s complicated!Why are we here? It’s complicated!

The patented Nuix Engine is a technological
leap ahead of other vendors. It offers:
• Massively parallel processing – faster
than any other technology
• Forensic precision – more files
processed, none left behind
• Complex containers – transparency into
the formats where enterprises store most
of their human-generated data
This allows you to gain fast, pinpoint accurate
identification and investigation of any data.
Systems and methods for load-balancing by
secondary processors in parallel document
indexing
Sitsky & Sheehy US Patent – 8,359,365 B2
Why is Nuix different?Why is Nuix different?

Nuix Incident Response: Summary
• Advanced technology, unmatched scalability and deep experience in
cybersecurity and investigations
– We can change the way organizations tackle cybersecurity incidents.
– We can reduce the gap between incident detection & remediation.
– We can provide deep and rapid insights into the scope of a breach and the
path to resolution.
– We can build and apply intelligence.
– We can train and empower your cybersecurity and investigation teams.
– We can evolve to meet new challenges.
Nuix Incident Response: Summary

Data => Information => IntelligenceData => Information => Intelligence

Extract text and metadata from 100s of different file types
Email & Loose Files Incident Response Misc.
Microsoft:
• EDB, STM, EWS (Microsoft Exchange)
• PST, OST (Microsoft Outlook storage files)
• MSG (Microsoft Outlook single mail files)
Lotus:
• NSF (Lotus Notes / Domino)
Misc. Other:
• MBOX, DBX, MBX (Microsoft Outlook Express)
• EML, EMLX, BOX, SML
• Webmail – HTML Scraped from browser
cache
Document Types:
• HTML , Plain text, RTF, PDF
• DOCX, DOC, DOT (Microsoft Word)
• XLSX, XLS, XLT (Microsoft Excel)
• PPTX, PPT, POT, PPS (Microsoft PowerPoint)
• WKS, XLR (Microsoft Works spreadsheets)
Image Types:
• PNG, JPEG, JP2, TIFF, GIF, BMP, PBM, PPM,
PGM, RAW, WBMP, WMF, WMZ, EMF, EMZ
Forensic Image Files:
• Encase Images (E01, L01)
• Access Data (AD1)
• Linux DD Files
• Mobile Images (Cellebrite / XRY / Oxygen)
Log Files:
• Windows Event Logs (EVT/EVTX)
• Web Logs (IIS, Apache)
• Firewall & FTP Logs
• Logstash Output
Network Captures:
• PCAP Files
System Files:
• EXE/DLLs
• LNK, Prefetch & Jump List Files
• Windows Registry Hives inc. decoding
File System Artifacts:
• $LogFile, $UserJrml, Object ID
• Apple property lists
• Carving from unallocated & file slack
Fuzzy Hashing - SSDeep
Structured Data:
• MS SQL (Live & MDF/LDF are text stripped)
• SQLLite
Browser & Cloud Artifacts:
• IE, Safari, Chrome, Firefox
• Dropbox, AWS
Container Files
• ZIP, RAR, LZH, LHA, ARC, TAR, GZ, BZ2, ISO
Virtual Machine Images
• VDK, VMDK (Virtual Disk Images)
• Parallels
Archive Systems
• EMC EmailXtender (*.emx)/Source One
• Symantec 2007, 8, 9, 10
• HP EAS
DMS Systems:
• MS SharePoint
Unknown File Types:
• Unknown file types are text stripped.
Extract text and metadata from 100s of different file types

Search, Discovery and AnalyticsSearch, Discovery and Analytics

Incident Response DemandsIncident Response Demands

• Insider Threat is costly and damaging to any organization and is often overlooked
– One-third of cybercrime incidents involve insiders*
– Nearly 50% of organizations say insider breaches are more damaging than those by outsiders*
– 71% of employees say they can access data they should not see**
• 50% of employees take some form of data when they switch companies
– 43% of organizations say they cannot track user privilege escalation or anomalous access
behavior***
– Average cost of a breach is around $3.5 million*
• Organizations with a business continuity management, strong security posture and incident response
plan with a CISO reduced the cost of breaches substantially*
REMEMBER – AN EXTERNAL ACTOR BECOMES AN INSIDER!
* CERT Program at Carnegie Mellon University, 2014 US State of Cybercrime Survey
** Ponemon Institute, Corporate Data: A Protected Asset or a Ticking Time Bomb?
*** Courion, IT Security Executive Survey, Access Risk Attitudes
Incident Response DemandsIncident Response Demands

Nuix Incident Response – Overview

Enterprise Capable Collection
Includes enterprise capable logical
collections, volatile data capture and
visualization to allow investigators
capture wide and maintain control.
Enterprise Capable Collection

Deep Log File SupportDeep Log File Support

Powerful Filtering and SearchingPowerful Filtering and Searching

Combine Intelligence – Context and GeoIPCombine Intelligence – Context and GeoIP

Find A Thread…..And Pull It!
SQLi – identified as
“Notable Log Entry”
by ContextTimeline automatically finds
artifacts across other
evidence items
Find A Thread…..And Pull It!

Find A Thread…..And Pull It!Find A Thread…..And Pull It!

Deep File System AnalysisDeep File System Analysis

Case StudyCase Study

Product Use Case
• Client traditionally used EnCase and GREP, hugely sceptical about Nuix in a data breach scenario
• Nuix ingested over 10 million items (8.4 million apache logs) in 104 minutes (18.4 million log entries
results inside 5 minutes)
• Post processing only took 3 minutes to discover:
– SQLi
– Directory traversal
– Uploads of shell scripts
– Clear text card numbers
– IPs responsible for the attack
• Achieved using 8 core 28Gb RAM from a single RAID 5 disk

Nuix Incident Response – Find Out More

Events, Training and Thought Leadership Content
• Fact Sheet: Nuix Incident Response
• Brochure: Nuix Cybersecurity
• Whitepapers:
– The Good Shepherd Model for Cybersecurity
– One Window into Your Investigations
– Intelligence, Collaboration and Analytics for
Digital Investigations
• Nuix Unstructured Blog, Nuix Bytes Videos
• Nuix Fundamentals Cybersecurity Training
• Hack It & Track It Training
• Quarterly Threat Briefings
• Conference Presentations

FIND OUT MORE:
nuix.com/blog
facebook.com/nuixsoftware
linkedin.com/company/nuix
twitter.com/nuix
youtube.com/nuixsoftware
nuix.com

Thank You
Q&A

Cyber security event

More Related Content

What's hot (20)

Viewers also liked (16)

Similar to Cyber security event (20)

Recently uploaded (20)

Cyber security event