Showing posts with label ThreatGRID. Show all posts
Showing posts with label ThreatGRID. Show all posts

AMP Threat Grid Empowers Law Enforcement to Fight Cybercrime

Jessica Bair, Cisco

Recognizing the critical need for state and local law enforcement agencies to have state-of-the art technologies to effectively fight digital crime, Cisco is creating the AMP Threat Grid for Law Enforcement Program. The program is designed to empower those working to protect our communities from cybercriminals with its dynamic malware analysis and threat intelligence platform.

Computers are central to modern criminal investigations, whether as instruments to commit the crime, as is the case for phishing, hacking, fraud or child exploitation; or as a storage repository for evidence of the crime, which is the case for virtually any crime. In addition, those using computers for criminal activity continue to become more sophisticated, and state and local law enforcement agencies struggle to keep up with their internal computer forensics/digital investigation capabilities. Malware analysis is also a critical part of digital investigation: to prove or disprove a "Trojan defense" for suspects, wherein the accused rightly or falsely claims a malicious software program conducted the criminal activity and not the user; and to investigate unknown software and suspicious files on the computers of the victims of cybercriminal activity for evidence of the crime.

Black Hat 2014: Live Demo of Threat Detection and Intelligence for EnCase

We invited Jessica Bair, one of the ThreatGRID experts with whom we have partnered at Cisco, to write a guest blog post for us about their upcoming presentation in our booth at Black Hat 2014, and she has delivered. We welcome her and Cisco SourceFire and ThreatGRID to our Guidance Software booth #1141--and to the Endpoint Intelligence blog.

The threat landscape is rapidly evolving and organizations are having a harder time keeping up. The negative consequences of security incidents continue to be more impactful. The trends, unfortunately, are favoring the adversaries:

  • Attackers getting better and faster than the defenders. Attackers now compromise organizations in days or even hours, while it takes defenders weeks or even months to discover that they have been compromised. This gap is increasing.
  • The number of incidents detected continues to grow. Organizations are detecting 25 percent more incidents than last year. While some of this may be the result of better detection, it still points to the growing number of incidents that need to be responded to and handled--not to mention the time pressure.
  • The financial costs of incidents are rising, particularly among organizations reporting high dollar-value impact.
  • There is a major shortage of skilled cybersecurity professionals, more than any other role within IT.
What is required is a threat-centric, integrated solution for breach detection, threat analysis, and remediation. Guidance Software, Inc. partnered with SourceFire and ThreatGRID (both now part of Cisco) for a best-in-class integrated approach:

The combined approach provides you with efficient and rapid incident response, including:

  • Proactive breach and threat detection with SourceFire NGIPS
  • Analysis of unknown threat files in ~5-30 minutes with ThreatGRID
  • Remediation across the enterprise with EnCase Cybersecurity
The business value and benefits are immediate and lasting. Our combined approach:

  • Decreases the time between detection and remediation
  • Increases the productivity and efficiency of security professionals to manage threats
  • Reduces risks and associated costs by lowering the exposure to related breaches
  • Increases the accuracy of malware analysis and threat intelligence.
We invite you to come see a live demonstration of this integration in action at Black Hat 2014. The demonstration will be held at 1:50 p.m. on Thursday, August 7 in the Guidance Software theater in booth #1141. Security experts will be on hand to answer your questions and discuss how you can improve your breach detection, conduct efficient threat analysis, and complete rapid, enterprise-wide remediation. See you there!

Jessica Bair, EnCE, EnCEP
Sr. Manager, Business Development
Advanced Threat Solutions - Cisco Security Group