Just in time for the Department of Homeland Security’s National Cyber Security Awareness Month, Guidance Software has unleashed one of the most powerful weapons in the war against security risks: EnCase® Analytics. In fact, we announced the general availability of EnCase Analytics just yesterday. This is big news for information security, incident response, and risk and compliance teams, because EnCase Analytics gives you something you could never get before: an early look at previously unknown and difficult-to-detect threats through the use of “big data” analytical techniques. It does this by analyzing the reams of data generated by your users’ endpoint activity, producing for the first time a clear picture of organization-wide security risk—both internal and external.
Proactive Threat Surveillance
IT security teams have been monitoring network activity for years. The missing piece—and it’s a big one—has been the massive amounts of data and processes being generated daily on corporate endpoints, including servers. EnCase Analytics makes it possible to take a proactive threat surveillance posture by collecting and analyzing the activity across all those endpoints. It helps reveal new threats, compromised accounts, back-channel communications and processes that morph as they propagate throughout a network and often bypass detection- and signature-based security measures.
This is not something that even highly skilled data scientists could manage on an ongoing basis. As Jon Oltsik, senior principal analyst for the Enterprise Strategy Group (ESG), said, “IT operations and security staffs are often overwhelmed by the task of monitoring and managing thousands of endpoint devices. Consequently, security data collection and analysis from endpoints can be inadequate or even nonexistent.” He says that what’s needed are security monitoring and analytics solutions that offer comprehensive coverage, ease of use, and automation to manage the massive scale, mobility, and dynamic nature of all these endpoint devices.
EnCase Analytics enables IT security teams to visualize security problems that would otherwise go undetected, such as the following.
Pointing to advanced persistent threats (APTs): While many security solutions highlight network traffic to countries where suspected hacking originates, EnCase Analytics lets you quickly see which processes and services are making requests to those countries. If a kernel service is connecting to one of these countries, this may be a serious problem and potential evidence of an APT attack.
Visualizing polymorphic malware: Few security solutions can spot malware that changes its name to avoid signature detection. EnCase Analytics shows the number of instances of a process and that number’s deviation from normal, as well as other processes that might have the same prevalence over a period of time. If there are similarities in the way multiple processes are acting across machines, it is clear, visual evidence of polymorphic malware.
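The two analyses just described, mapping processes to outbound connections toward watched countries and comparing process prevalence across the fleet, are combined below in one added Python example. It is not part of EnCase Analytics or of this post; the telemetry rows, host names, process names, the placeholder country code ZZ, the fleet size and the thresholds are all constructed assumptions chosen to show the logic on a small sample.

```python
"""Endpoint prevalence analytics over constructed telemetry (added example)."""
from collections import defaultdict

# Constructed sample telemetry, not real data: one row per process observed on a
# host, with the parent that launched it and its outbound destination.
# Fields: host, process name, parent process, remote country, remote port.
TELEMETRY = [
    ("ws01", "svchost.exe", "services.exe", "US", 443),
    ("ws02", "svchost.exe", "services.exe", "US", 443),
    ("ws03", "svchost.exe", "services.exe", "US", 443),
    ("ws04", "svchost.exe", "services.exe", "US", 443),
    ("ws05", "svchost.exe", "services.exe", "US", 443),
    ("ws01", "outlook.exe", "explorer.exe", "US", 443),
    ("ws02", "outlook.exe", "explorer.exe", "US", 443),
    ("ws03", "outlook.exe", "explorer.exe", "US", 443),
    ("ws04", "outlook.exe", "explorer.exe", "US", 443),
    # A kernel-level driver talking to a watched country from a single host.
    ("ws05", "ksvc.sys", "System", "ZZ", 8443),
    # Three differently named processes, each on one host, all launched the
    # same way and talking to the same place: the renamed-binary pattern.
    ("ws01", "a8f3c1.exe", "winword.exe", "ZZ", 4444),
    ("ws02", "q7d2e9.exe", "winword.exe", "ZZ", 4444),
    ("ws03", "m4b0f7.exe", "winword.exe", "ZZ", 4444),
]

FLEET_SIZE = 5            # hosts under collection in this constructed sample
WATCHED = {"ZZ"}          # placeholder country code standing in for a watch list


def host_prevalence(rows):
    """Number of distinct hosts on which each process name was observed."""
    seen = defaultdict(set)
    for host, proc, *_ in rows:
        seen[proc].add(host)
    return {proc: len(hosts) for proc, hosts in seen.items()}


def processes_to_watched(rows, watched):
    """Process names that connected to a watched country, and from which hosts."""
    hits = defaultdict(set)
    for host, proc, _parent, country, _port in rows:
        if country in watched:
            hits[proc].add(host)
    return {proc: sorted(hosts) for proc, hosts in hits.items()}


def rare_processes(rows, fleet_size, max_fraction=0.25):
    """Process names seen on at most max_fraction of the fleet (low prevalence)."""
    prevalence = host_prevalence(rows)
    return sorted(p for p, n in prevalence.items() if n / fleet_size <= max_fraction)


def polymorphic_clusters(rows, fleet_size, min_names=3, max_fraction=0.25):
    """Group rare process names by identical behaviour (parent, country, port).

    Several distinct rare names sharing one behaviour across several hosts is
    the signal the text describes: the same thing acting under changing names.
    """
    rare = set(rare_processes(rows, fleet_size, max_fraction))
    by_behaviour = defaultdict(lambda: {"names": set(), "hosts": set()})
    for host, proc, parent, country, port in rows:
        if proc in rare:
            key = (parent, country, port)
            by_behaviour[key]["names"].add(proc)
            by_behaviour[key]["hosts"].add(host)
    return [
        {"behaviour": key, "names": sorted(v["names"]), "hosts": sorted(v["hosts"])}
        for key, v in by_behaviour.items()
        if len(v["names"]) >= min_names
    ]


if __name__ == "__main__":
    print("prevalence:", host_prevalence(TELEMETRY))
    print("to watched countries:", processes_to_watched(TELEMETRY, WATCHED))
    print("rare:", rare_processes(TELEMETRY, FLEET_SIZE))
    for c in polymorphic_clusters(TELEMETRY, FLEET_SIZE):
        print("possible renamed binary:", c)
```

On this sample the watched-country view isolates the kernel driver and the three one-off executables while leaving the common processes alone, and the behaviour grouping collapses those three names into a single cluster spanning three hosts. The thresholds (a quarter of the fleet, three names) are tuning knobs; on a real fleet they would be set from the observed baseline rather than fixed.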
See visuals of EnCase Analytics in action here.
We think this is the beginning of a new, more proactive phase of threat intelligence in the enterprise, and are excited to be bringing you the technology that will power it.