Cyber security is an arms race, and there’s no sign of a letup. In the past six months on this blog, we’ve been talking quite a bit about the need to tighten the gap between a breach, or potential breach, and an organization’s ability to respond. As we’ve reported previously, malware authors are working constantly to make their infiltration as stealthy as possible, using exploit code, Trojans, keystroke loggers, network sniffers, bots – whatever works to infiltrate the network and then exfiltrate the desired data.
To succeed, IT security and incident response teams need to be able to clamp down on these attacks as soon as possible. That’s why Guidance Software just announced the coupling of EnCase® Cybersecurity with FireEye’s Malware Protection System.
In case you are not familiar with it, the FireEye Malware Protection System combats advanced malware, zero-day, and advanced persistent threat attacks. The Malware Protection System supplements traditional security defenses, such as firewalls, intrusion prevention systems, anti-virus, and Web gateways, which can't stop advanced malware, thus leaving significant security holes in the majority of corporate networks. Data theft, cyber espionage, system sabotage, and data corruption are some of the scenarios occurring today in targeted attacks.
Together, FireEye Malware Protection System and EnCase Cybersecurity provide:
• Reduced security operation costs: Improve the time to detect and increase the analysis capacity to move the malware detection and response cycle from weeks to minutes.
• Adaptive defense to stop targeted, zero-day attacks: Analyze network traffic to identify new and unknown attacks in real time, and audit endpoints to expose unknown risks that may have evaded signature-based defenses.
• Block data exfiltration attempts and contain threats at the endpoint: Stop outbound callback communications so as to prevent compromised systems from being further exploited. Wipe out data associated with the threat from affected endpoints.
• Make quick and accurate decisions: See exactly what was occurring on an endpoint the moment an alert is generated, and trace the full execution path of zero-day and known attacks to accurately determine the source and scope of an attack.
• Accurate results: Avoid false positives through confirmation of malware via comprehensive, automated testing and endpoint validation.
• Automated sensitive data audit: Understand immediately if sensitive data are at risk so that response activities can be prioritized.
This coupling builds upon previous steps that Guidance Software has taken to help security and incident responders react more quickly. Last year, we joined EnCase Cybersecurity with security information and event management (SIEM) systems to facilitate security automation. For example, when an attack or breach event is suspected, the SIEM system can automatically trigger an EnCase Cybersecurity forensic response, including exposing, collecting, triaging, and remedying data related to threats — essentially taking action on or gathering data about a security event that might otherwise have been missed.
By automating incident response – whether it draws on the vast amounts of information collected by SIEMs or on the findings of advanced, signature-less malware analysis – organizations can now capture actionable attack information, minimize data leakage, and reduce the time needed to eliminate the threat and return an endpoint computer to a normal state.
For more information, read the news story.