FNS Incident Management Powered by EnCase


Incident Management Practice powered by EnCase


  1. Securely Enabling Business

     FishNet Security Incident Management Powered by EnCase® Cybersecurity

     Overview

     Banking Trojans, Spear Phishing, SQL Injection Attacks, Polymorphic Malware … threats that were relatively rare or unknown a few years ago are causing security teams across the globe to rethink their security strategies as the traditional security approach of “putting up more walls” has been proven to be less effective against a determined adversary. One security discipline rising to meet these challenges is Incident Management and Response. Organizations are moving to what is being referred to as a “zero trust” or “lean forward” model of implementing policy and procedures around the assumption that they may have already been compromised and just don’t know it yet.

     Incident Management refers to not only ensuring policies are in place to expose potential threats that may have evaded perimeter defenses, but also that an organization is able to move quickly when a data breach does occur to minimize the impact, cost, recovery time and reoccurrence of each incident.

     Solution

     FishNet Security and Guidance Software have partnered to provide a complete incident management solution designed to address the gaps left by the traditional layered security through a combination of skilled resources, proven methodology and cutting-edge technology. The approach is designed to enable organizations to adopt a “lean forward” approach, exposing potential risks to a network before those vulnerabilities are fully exploited and used to exfiltrate data as well as to ensure an organization is completely prepared in the event of a data breach.

     IMF Key Domains

       • Communication: Internal, External
       • Collection of Information: Acquisition, Chain of Custody, Data Retention
       • Analysis: Technical, Operational
       • Containment: Emergency Action Plans (EAP)
       • Mitigation: Remediation, Prevention, Testing
       • Legal Counsel: Litigation Hold, Request for Discovery, Liability
       • Immediate Response: Active, Passive
       • Documentation: Procedures, Formal IR Plan, Operational

     ID#11SS0037 Last Modified 09.20.2011. Corporate Headquarters 1710 Walnut St. Kansas City, MO 64108 • 888.732.9406. © 2011 FishNet Security. All rights reserved.
  2. FishNet Security Program

     FishNet Security facilitates an approach tailored to the unique aspects of your organization and network architecture. Our consultants recognize business drivers and goals, and tailor solutions to meet the specific initiatives of each organization. The end result is an effective Incident Management Framework (IMF) tailored to a customer’s environment and based on industry-accepted standards of best practice.

     FishNet Security provides services to help organizations respond quickly to incidents, develop overall incident management programs, and test their incident response capabilities. Our consultants use industry-best practices to assist clients in the growth and maturity of their incident management programs.

     FishNet Security also provides skilled consultants certified in incident response and forensic best practices to respond quickly to any urgent need. Our rapid response team can be in motion anywhere in the world within 24 hours to coordinate a response and conduct a full investigation of the incident. The team also will take the proper steps to mitigate risk and potential fallout.

     Today’s Threat Landscape

     Today, cyber crime is a for-profit industry with huge financial motivation to break into your network and steal your valuable data. As such, the attackers have spent time and resources to learn about your defenses and create highly specialized malware designed to evade those very defenses. Examples of these types of advanced threats include:

       • Custom Malicious Code
       • Polymorphic Malware
       • Hacktivism
       • 0-day Attack Vectors
       • Exfiltration of Sensitive Data
       • Memory Resident Malware
       • Anti-virus Targeted Malware
       • Encrypted Malicious Code Execution
  3. Guidance Software - EnCase® Cybersecurity

     EnCase Cybersecurity is an all-in-one software solution that provides information security and incident response teams with the ability to dynamically expose covert malicious code, including polymorphic code, and proactively identify unknown threats to endpoints in any networked environment. With EnCase Cybersecurity, organizations can shift from a reactive to a proactive approach by zeroing in on potential threats, completely recovering computers from malicious code infiltration and drastically reducing the cost and time associated with response and recovery.

     And if an incident does occur, the EnCase Cybersecurity solution provides everything an organization needs to quickly and effectively respond and answer critical questions essential to mitigate the risk of an incident, such as:

       • Where in the network did the threat originate?
       • How did the threat spread across the network?
       • What is the full scope of the intrusion?
       • How has the threat evolved?
       • And more …

     EnCase Cybersecurity includes unique capabilities that put organizations one step ahead of those who wish to compromise corporate networks. With the ability to triage for covert threats, perform detailed memory analysis, and leverage advanced algorithms to determine code similarity, EnCase Cybersecurity allows organizations to recover from the most evasive threats.

     Adaptive Defense

     FishNet Security investigators leverage the advanced capabilities of EnCase Cybersecurity to enable organizations with the tools and resources necessary to expose and respond to the types of advanced threats that may have already penetrated your layered defenses. Experienced examiners work with internal resources to identify, contain, profile and eradicate the malicious code. This is achieved through EnCase Cybersecurity by exposing unknowns, analyzing anomalous behavior and determining the true scope of infection or breach.

     A unique aspect of this approach lies in the powerful patent-pending similar-file analysis capabilities of EnCase Cybersecurity, which allow a single iteration of the offending malicious code to be used to find all like iterations across the enterprise. This is useful when attackers are able to change the signature of a piece of malware each time it copies itself to another device on the network. Because this approach does not rely on a static signature or behavioral trait like traditional solutions, it provides a truly adaptive defense against emerging threats.
  4. Comprehensive Containment

     During a security incident, one of the primary concerns is containment of the event and ensuring sensitive data is accounted for and has not been compromised. With the ever-increasing speed and complexity of information technology infrastructures, the ability to fully quantify an event can be very time-consuming. Environments span continents, contain thousands upon thousands of nodes, and each endpoint can have terabytes of data. Ensuring proper containment and validation of data can prove infeasible if not for enterprise-grade tools such as EnCase Cybersecurity.

     FishNet Security investigators understand the complexities of today’s environments as well as the attack profile used by malicious individuals. Combined with the power of EnCase Cybersecurity, they can help work toward comprehensive containment of an event. Each endpoint can be scanned for malicious code, unauthorized sensitive data, insecure operating configurations, and various other known security weaknesses that are independent of known signatures or behaviors. Identified endpoints can then be remediated to bring the device back into a secure state that meets internal compliance requirements. Finally, certain elements of the newly exposed malware can be retained and scanned against on an ongoing basis to ensure the threat or similar threats are not reintroduced into your environment.

     Information gleaned through a proper incident management framework gives your security team the intelligence they need to better tailor defenses against subsequent attack and to move away from the never-ending game of “malware whack-a-mole.”

     About FishNet Security

     We Focus on the Threat so You can Focus on the Opportunity.

     Committed to security excellence, FishNet Security is the #1 provider of information security solutions that combine technology, services, support and training. FishNet Security solutions have enabled more than 5,000 clients to better manage risk, meet compliance requirements and reduce cost while maximizing security effectiveness and operational efficiency. For more information about FishNet Security, visit www.fishnetsecurity.com.