Beyond Reactive: Your Security Game Plan

Sandy Lii

The well-known military general and strategist Sun Tzu said it best in The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” In today’s war against cybersecurity threats, two types of enemy have been classified: known threats and unknown threats.

The known threats, true to their name, are tracked by their known and readily available signatures and are typically stopped by perimeter security solutions such as antivirus software, firewalls, or SIEM (security information and event management) systems. While these tools are necessary and can be effective at stopping known threats, the unknown threats--the ones with no defined modi operandi or signatures--remain at large within organizations, lurking undetected, waiting for the right moment to strike. Sometimes, these threats can even be a careless or disgruntled employee.

So how can we get to know these unknown threats and expose the risks they pose to the organization? Such a task can only be achieved by having multidimensional visibility into the entire organization. And EnCase® Analytics has got it all.

GO WIDE to view the entire breadth of the organization’s endpoints. Historically, due to resource constraints, scientists have had to be mindful of sample sizes to ensure that the tests performed can provide statistically significant results. But isn’t there greater potential in looking at the entire population for a holistic assessment, if we can do so easily and quickly? EnCase Analytics marries its expertise in obtaining endpoint data with easy-to-understand visualization technology to allow the widest possible view of enterprise-wide endpoints quickly and efficiently.

GO DEEP into the kernel. To gain intelligence and insights into the organization’s security posture, solutions on the market use data sources ranging from machine logs, network packets, or even end-user activities to perform Big Data analytics. Yet none but EnCase Analytics goes as deep as the kernel level to get data such as encrypted data, slack space, registry, RAM, etc.--data that are extremely difficult to obtain. We insist on capturing data from the kernel level so as to avoid false information provided by already compromised operating systems. This is a differentiator well described by enterprise security analyst Javvad Malik in his recent 451 Research Impact Report, Guidance EnCase Analytics, where big data meets digital investigations: “Guidance believes that where it differs and can add value is . . . it drills into the kernel level and exposes previously dark parts of the endpoint.”

GO BACK in time and provide continuous intelligence through time. How do you spot an anomaly when you don’t know what “normal” is? One of the critical dimensions of security intelligence is the ability to baseline activity over a period of time. A case such as a sudden spike in the number of unique processes running across the endpoints is something that requires further investigation, but it would not be visible as anomalous behavior unless it is tracked through time.
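A minimal form of the time baseline described above, as an added Python example that is not EnCase Analytics code: each endpoint reports the process names it saw on each day, the fleet-wide count of unique names is computed per day, and a day is flagged when it exceeds the trailing-window mean by a z-score threshold. The inventory, host names and process names are constructed sample data, and the window size, minimum history and threshold are assumed heuristics, not product settings.

```python
"""Baseline unique process names per day across a fleet and flag spikes.

Added illustration, not EnCase Analytics code. All telemetry below is
constructed sample data; window, threshold and std-dev floor are assumed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: four workstations, six routine process names, and a
# little day-to-day variation so the baseline has a non-zero spread.
HOSTS = ["ws-01", "ws-02", "ws-03", "ws-04"]
BASE_PROCS = ["explorer.exe", "svchost.exe", "chrome.exe",
              "outlook.exe", "winword.exe", "teams.exe"]
EXTRA_BY_DAY = {2: ["notepad.exe"], 4: ["notepad.exe", "calc.exe"], 6: ["calc.exe"]}


def build_sample_inventory():
    """Return (day, host, process_name) tuples for a 7-day window.

    Days 1-6 are ordinary; day 7 is seeded with three never-before-seen
    binaries on every host, the kind of fleet-wide burst worth a look.
    """
    observations = []
    for day in range(1, 8):
        for host in HOSTS:
            for proc in BASE_PROCS + EXTRA_BY_DAY.get(day, []):
                observations.append((day, host, proc))
    for i, host in enumerate(HOSTS):
        for j in range(3):
            observations.append((7, host, f"tmp_{i}{j}.exe"))  # 12 new names
    return observations


def unique_processes_per_day(observations):
    """Fleet-wide count of distinct process names seen on each day."""
    names_by_day = defaultdict(set)
    for day, _host, proc in observations:
        names_by_day[day].add(proc)
    return {day: len(names) for day, names in sorted(names_by_day.items())}


def flag_spikes(daily_counts, window=5, min_history=3, k=3.0, min_std=1.0):
    """Flag days whose count exceeds the trailing baseline by k std devs.

    The baseline for a day is the mean and population std dev of up to
    `window` preceding days. Days with fewer than `min_history` preceding
    days are skipped (no baseline yet). `min_std` floors the spread so a
    perfectly flat history does not turn a one-process change into an alert.
    """
    days = sorted(daily_counts)
    flagged = []
    for idx, day in enumerate(days):
        history = [daily_counts[d] for d in days[max(0, idx - window):idx]]
        if len(history) < min_history:
            continue
        base_mean = mean(history)
        base_std = max(pstdev(history), min_std)
        z = (daily_counts[day] - base_mean) / base_std
        if z > k:
            flagged.append({"day": day, "count": daily_counts[day],
                            "baseline_mean": round(base_mean, 2),
                            "zscore": round(z, 2)})
    return flagged


def new_names_on_day(observations, day, window=5):
    """Process names seen on `day` but on none of the `window` days before it."""
    seen_before = {p for d, _h, p in observations if day - window <= d < day}
    seen_today = {p for d, _h, p in observations if d == day}
    return sorted(seen_today - seen_before)


if __name__ == "__main__":
    obs = build_sample_inventory()
    counts = unique_processes_per_day(obs)
    for hit in flag_spikes(counts):
        print(f"day {hit['day']}: {hit['count']} unique processes "
              f"(baseline {hit['baseline_mean']}, z={hit['zscore']})")
        print("  first seen this day:", ", ".join(new_names_on_day(obs, hit["day"])))
```

Without the trailing window, day 7's 18 unique names is just a number; against the previous five days (mean 6.8) it is an outlier, and listing the names first seen that day gives the analyst a concrete starting point rather than a bare count.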

So EnCase Analytics captures data from all the endpoints, down to the kernel level, throughout the entire duration of time. The key, however, is in using all these endpoint data to enable organizations to…

GO PROACTIVE and move beyond reactive. In the June 3rd blog entry, Hello? You’ve Been Breached, my colleague Ale Espinosa described beautifully the state of today’s security intelligence landscape and how “70% of cyber breaches go completely undetected by organizations’ security teams, and are instead discovered by external parties like the authorities, FBI, or even the attackers themselves.” Revenue and time losses aside, such publicly known cyber breaches also have a huge impact on the organization’s reputation and brand image. As a critical last piece of the security game plan, organizations can use all the data captured and presented via EnCase Analytics’ interactive visual interface to proactively scout out the telltale signs of threats, even if the threats were created by the organization’s own careless or out-of-policy employees.

With EnCase Analytics, organizations can not only learn more about themselves through complete visibility into all of their endpoints, but also know and identify their cyber enemies. EnCase Analytics is a comprehensive security intelligence game plan for victory in this war against cyber threats.

To learn more about EnCase® Analytics and how it can help you stay on top of your systems’ security, visit
