Catelas Security Webinar 12 14 10
•Download as PPTX, PDF•
0 likes•201 views
Proactively containing the Insider Threat
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (12)
Similar to Catelas Security Webinar 12 14 10
Similar to Catelas Security Webinar 12 14 10 (20)
More from Rob Levey
More from Rob Levey (20)
Catelas Security Webinar 12 14 10
- 1. Copyright © 2010 Catelas Inc. All rights reserved. Relationship Forensics Detect & contain Information Theft without collecting a single email
- 2. Copyright © 2010 Catelas Inc. All rights reserved. Agenda Traditional approach to Data Leakage and Investigations Introducing a new approach Catelas demo Q&A
- 4. With i-fact, has worked on hundreds of complex Security Investigations for Corporate clients worldwide
- 5. Created and managed the Forensics Investigations Unit at State Street – recognized as one of the best in the world
- 6. Extensive experience in complex eDiscovery cases working with senior management, corporate General Counsel and Law firms
- 7. Conducted over 1,000 digital forensic and cyber investigations over a distinguished career
- 9. Current tools monitor data movement, not people
- 10. Security investigations , by nature, are reactiveDetect & contain Information Theft without collecting a single email * Ponemon Institute - 78% of US companies have suffered unreported insider breaches; 59% of departing employees steal company information.
- 12. Too much data to collect / where to start
- 13. Investigations team gets called in after the event (or suspicion)
- 15. Prioritization is difficult because usually not much is known about the case
- 16. Speed of collection tends to over-shadow quality of collection
- 17. Process is iterative – re-collection is inevitable Re-active & iterative Labor &cost intensive
- 18. Insider Theft Trade Secrets – departing employee UBS Accuses Three Quant Traders Of Stealing Its Source Code “UBS has filed a lawsuit against three quant former employees alleging that they stole proprietary trading software with the intent of using it at their new employer, Jefferies & Company.“ The three were also accused of starting their new jobs at Jefferies & Co while still employed at UBS. Uncover IP theft in minutes - without collecting email Early detection = containment!
- 19. Litigation Investigations Early Case Analytics Internal Investigations Example: M&A press leak. Who inside the company leaked information to the press [shaded grey]? Some individuals are authorized to speak to the press. Some are not! F Keavey who works in R&D should not be communicating with John Edmiston Quickly establish who to investigate and tag suspicious emails.
- 20. Kick-backs - FCPA Kick-backs - FCPA SEC fines GE $23M for FCPA violations General Electric Company, whose compliance program is among the most respected and admired in the world, has settled civil violations of the Foreign Corrupt Practices Act with the SEC. The company agreed to pay $23.4 million to resolve claims of kick-backs to Iraqi government officials for lucrative supply contracts by four GE subsidiaries paid under the United Nation's oil-for-food program. Quickly assess the severity of the investigation. Co-operate with authorities. Negotiate early. Early resolution = reduced fine and less PR exposure
- 22. Automated anomalous Behavior reporting: identify high-risk relationships and define policy before incidents occur
- 23. Detailed Forensics Investigations:identify key suspects before collection process and review beginsConduct investigations 5 times faster; detect & contain Info Theft without collecting a single email Copyright © 2010 Catelas Inc. All rights reserved.
- 25. Proven link analysis methodology used by law enforcement
- 26. Allows surveillance of entire email network with same manpower as sampling
- 27. Pro-active, non-disruptive, highly efficient work flow – at significantly lower costCopyright © 2010 Catelas Inc. All rights reserved.
- 29. Social Network Analysis identifies missing custodians & uncovers ‘friends in common’
- 30. Log file analysis allows ENTIRE company network to be uncovered
- 31. Advanced Data Analytics uncover IP theft & information flow
- 32. Highly scalable & comprehensive
- 33. Easy to use, deploy & maintain
- 34. No integration with email server
- 35. Low cost of ownershipIM Email Telephony Log files Copyright © 2010 Catelas Inc. All rights reserved.
- 37. Identify and tag relevant custodians and/or specific emails (or documents)
- 38. Reduce collection and investigation time and costs by up to 80%Copyright © 2010 Catelas Inc. All rights reserved.
- 40. Identify people, behavior, communications – collect only precisely what is needed
- 41. More effective investigations – save money; use your time more effectivelyCopyright © 2010 Catelas Inc. All rights reserved.
- 43. Uncover security and compliance breaches without collecting a single email
- 45. Conduct investigations 5 times faster !
- 46. Intelligent Collection and Early Case Assessment for Legal cases
- 47. Identification - preserve & collect the right people first time
- 48. Reduce collection time and costs by 75%
- 49. Holistic solution – Info Sec, Legal and Compliance
- 50. Quick time to value through shared cost of ownershipCopyright © 2010 Catelas Inc. All rights reserved.
- 51. Live Demo Copyright © 2010 Catelas Inc. All rights reserved.
- 52. Copyright © 2010 Catelas Inc. All rights reserved. Thank You Eddie Cogan 617-407-2967 eddie.cogan@catelas.com www.catelas.com Scott Emery 978-844-3463 semery@i-factanalysis.com www.i-factanalysis.com
Editor's Notes
- KEY POINTSQuickly highlight the relationships that matter, saving time, enabling a risk assessment to be made earlier in the cycleBy knowing who and what to investigate EARLY, our clients save an enormous amount of time and money downstream in the EDRM process.EXAMPLE – JP Morgan - always on log file analysis – 250,000 employees – identify custodians, dramatically reduced the number of pst’s and hence emails that need to be collected, preserved and analyzed.Early Case Analysis and Assessment. How can you make a real assessment when you may not have all the right people, custodians, wrong data etc.The other methods just “tell you that their technology filter data sets down by 95% based on keywords etc” , but it is still looking at the data. One way the Catelas technology is being used for eDiscovery Cases is to analyzes log files from Exchange and other systems even before collecting any emails. The value comes from being able to make sure you have all the right suspects, custodians etc. upfront the first time. This allows functions such as Legal, Compliance, Risk and Information Security to understand both who knows who, how well and a chance to uncover non-obvious relationships, BEFORE a single email is ever collected and get a better handle of what data really needs to be collected. Normal methods of looking at content really may be (too big to look at all the emails, so some just look a snapshot –that still depends on your keywords or how good your search is)…that all changes with Catelas, because you can analyze log files (20GB may = 10-15 MM emails) and Catelas is the only ones doing that today. Avoid over collection and spoliation; preserve the right content by uncovering non-obvious relationships and activity
- UBS loses trade secrets theft caseFeb 22 2010The US Financial Industry Regulatory Authority (FINRA) has ruled against UBS in its allegations that three of its former employees stole an algorithmic trading code used by the bank.The arbitration case found in favor of the three employees – Jatin Suryawanshi, Partha Sarkar, and Sanjay Girdhar. According to the UBS complaint, they were accused of misappropriating trade secrets, breach of contract, breach of fiduciary duty, unfair competition and “other wrongdoing” while they were employed by UBS Securities.They were accused of obtaining proprietary company information – in this case the source code for UBS’s algorithmic trading programmes. They were then planning to give the source code to their new employees at investment bank Jefferies & Co, according to the report which appeared in Securities Industry News.Reports said that Sarkar had allegedly copied 25,000 lines of computer source code from UBS computers. This was roughly equal to the length of one algorithm, or parts of several. He then allegedly emailed this code to this personal email account. Suryawanshi was also accused of attempting to hide his colleague’s theft by deleting the records from a UBS computer.The three were also accused of starting their new jobs at Jefferies & Co while still employed at UBS. Suryawanshi was accused of a breach of fiduciary duties by poaching the other two programmers to work for other investment bank. The three former UBS employees had denied the charges.
- The Catelas Platform is based our UNIGUE combination of Sciences: Behavioural Analysis, Social Network Analysis, and Data Analytics. We analyze communications data including e-mail, IM and telephony. For the Webmail and external IM we would take a feed from the Firewall.Our advanced network & relationship analysis algorithms allow networks to be analyzed quickly. Within hours, Catelas identifies both the internal and external people who should be investigated, before all the email content is analyzed and reviewed. For example Catelas was deployed in 2 days into one of largest financial services companies, with 40 exchange servers/12 million emails per week, with no disruption to existing systems such as Microsoft Exchange. For example, the strength of a relationship is not solely influenced by the raw number of communications but rather the patterns within the interactions between two people. i.e. During a shared experience – such as working on a project together – the strength of Relationship between 2 people will become stronger faster. This is represented by a burst of interactions. We analyse these burst and other patterns to determine the strength of a relationship.
- For Security ONLY