EnCase and Entropy: Foiling Polymorphic Malware with Thermodynamics

Alfred Chung

You’ve seen it in a dozen movies: a character commits a crime, is ID’ed on security camera footage, then dyes her hair to alter her appearance in hopes of evading capture. The m.o. is the same for polymorphic malware—malicious software that’s constantly evolving or changing in order to evade signature detection or blacklisting solutions. Although it’s not a new addition to the hacker’s arsenal, the use of polymorphic malware has lately become a favorite and highly dangerous tactic of organized cyber crime groups.

Black hats know that, if you change code enough, it will be unrecognizable to intrusion prevention systems that rely on code “signatures” or hashes: a single changed byte produces a completely different hash, and a repacked or re-encrypted payload no longer contains the byte patterns a signature looks for. This is why we created and patented the Entropy Near-Match Analyzer—part of EnCase Cybersecurity—a few years back: to help incident responders find polymorphic variants of binaries based on a different type of measurement, the statistical entropy of the file’s contents, which changes far less than its hash when the code is mutated.
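To make the contrast concrete, here is an added Python sketch (not Guidance Software’s code, and not the patented algorithm, whose scoring rule the post does not describe). It hashes two constructed “binaries” that share a body but were encrypted with different keystreams, shows that their SHA-256 digests differ, and then compares their per-window entropy profiles instead. The window size, the tolerance rule, and the sample files are all assumptions chosen for illustration; the samples are synthetic and contain no real malware.

```python
"""Entropy-based near matching of polymorphic binary variants (illustrative, not EnCase code)."""
import hashlib
import math
import random
from collections import Counter

WINDOW = 1024      # bytes per entropy window (assumed; a real tool would tune this)
TOLERANCE = 0.5    # max per-window entropy difference, in bits, to still call a near match


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, window: int = WINDOW) -> list:
    """Entropy of each consecutive window. Re-keying or re-packing changes the bytes
    (and therefore every hash) but leaves this coarse profile almost unchanged."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def near_match(a: bytes, b: bytes, window: int = WINDOW, tolerance: float = TOLERANCE) -> bool:
    """Hypothetical near-match rule: same number of windows and every window's entropy
    within `tolerance` bits. Deliberately simple; it is not the patented scoring."""
    pa, pb = entropy_profile(a, window), entropy_profile(b, window)
    return len(pa) == len(pb) and all(abs(x - y) <= tolerance for x, y in zip(pa, pb))


def sha256_hex(data: bytes) -> str:
    """Exact-match identifier, the kind a blacklist or signature feed keys on."""
    return hashlib.sha256(data).hexdigest()


# --- Constructed sample "binaries" (synthetic, not real malware) ----------------------
def _header() -> bytes:
    """Low-entropy stub: a few magic bytes and a string, zero-padded to one window."""
    stub = b"MZ\x90\x00" + b"This program cannot be run in DOS mode.\r\n"
    return stub.ljust(WINDOW, b"\x00")


def _xor_encrypt(plaintext: bytes, key_seed: int) -> bytes:
    """Stand-in for a polymorphic engine: same body, a fresh keystream for every build."""
    rng = random.Random(key_seed)
    return bytes(p ^ rng.getrandbits(8) for p in plaintext)


_BODY = bytes(range(256)) * 16                         # 4096-byte fixed "payload"
SAMPLE = _header() + _xor_encrypt(_BODY, key_seed=1)   # first variant
VARIANT = _header() + _xor_encrypt(_BODY, key_seed=2)  # re-keyed variant of the same body
UNRELATED = _header() + (b"log_level=info\nretry=3\n" * 1000)[:len(_BODY)]  # benign config


if __name__ == "__main__":
    print("hash match  :", sha256_hex(SAMPLE) == sha256_hex(VARIANT))   # False
    print("entropy near:", near_match(SAMPLE, VARIANT))                  # True
    print("unrelated   :", near_match(SAMPLE, UNRELATED))                # False
    print("profile     :", [round(e, 2) for e in entropy_profile(SAMPLE)])
```

The point of the profile comparison is that an encrypted or packed section stays near 8 bits per byte no matter which key was used, while the plaintext stub and a benign file sit far lower, so the shape of the file survives mutation even though its hash does not. A production analyzer would need a tuned window size, a similarity score rather than a hard threshold, and handling for variants that pad or reorder sections; this sketch only shows why the measurement works at all.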

HP ArcSight Express and EnCase® Cybersecurity: Cost-effective Incident Prioritization and Response

Anthony Di Bello

There is an often-heard misperception that large companies make software solutions that try to be all things to everyone. We at Guidance Software work with some of the largest technology providers in the world, such as HP, Blue Coat Systems, and IBM, among others, to integrate our industry-leading incident response technology with best-of-breed SIEM and threat-detection solutions.

This is because we and our partners realize that whole, effective solutions to modern information security challenges cannot be delivered by any single information security vendor. Through our EnCase® Cybersecurity incident response solution, we help our customers bridge the gap between incident detection and response. We have seen time and time again that relying on human intervention alone, without an incident response solution or any degree of incident response automation, can lead to high response costs of up to $5.5 million per incident, according to recent Ponemon Institute research.

Lessons Learned from 2014 Cyber Breaches

Ashley Hernandez and John Lukach

At Guidance Software, we’re honored to train and work alongside information security teams inside numerous global corporations and government agencies. This gives us an ideal vantage point from which to learn and incorporate the latest intelligence on attack methods and best-practices for incident response. So here’s a look at what we’ve gleaned from this year’s barrage of cyber-attacks.

Where to Invest Resources in the High-Profile Breach Era

In our opinion, the biggest impact that the large number of headline-making breaches has had is in raising public and corporate awareness of the consequences and difficulty of securing companies’ assets. This awareness places more pressure and demand on those on the front lines of security.

Zombie-Proof Your Endpoints for Cybersecurity Awareness Month

Anthony Di Bello

Don't let your endpoints become zombies - be endpoint-aware

The Department of Homeland Security has named October National Cybersecurity Awareness Month in an attempt to motivate everyone from government organizations and corporations to individual citizens to build stronger cybersecurity defenses. But with shrill “big hack” headlines appearing almost daily, how could any government or corporate organization not be hyper-aware of the rising threat level?

Help for the Help Desk: Announcing EnCase® Remote Recovery + for Fast, Remote File Recovery

When a sales director on another continent needs a contract file un-deleted—stat!—who’s she gonna call? IT help desk. Problem is, that usually means she needs to ship her laptop to headquarters or someone from IT has to get on a plane, train, or automobile. And both of those options require taking her offline when every moment of downtime could lose her a deal.

Enter EnCase® Remote Recovery +.