FTC Notes Forensic Security Capabilities Critical to Breach Response
Security | Nov 1, 2016
Last week, the FTC issued a new paper and accompanying video advising businesses on what to do in the event of a data breach. Central to the recommendations is the capacity to conduct an incident response investigation immediately after detecting signs of compromise. Acknowledging that not every business has a security operations center or incident response personnel on staff, the paper recommends identifying and working with independent forensic investigators as the first step.
Whether or not you have such individuals in your employ, having the right technology in place *before* a breach can make the difference between early detection and a rapid, measured response with limited damages, and a full-blown crisis. EnCase Endpoint Security provides both early detection capabilities, through an easy-to-use threat hunting interface designed with a security analyst in mind, and automated incident response capabilities that enable you to automate elements of the FTC recommendation such as capturing the evidence of the breach from affected machines, initial scope and impact assessment, and quarantining computers. Whether you have the expertise in-house or have to call for outside help, proactively deploying an endpoint security solution allows organizations to carry out the initial steps of incident response, ensuring expensive outside help can get to work right away on analyzing the data rather than on the costly and time-consuming effort of manually chasing down computers and imaging systems.
Additionally, all data collected with EnCase Endpoint Security is preserved in such a way that breach-related evidence stands up to the scrutiny of regulators or, if required, the courts. EnCase is the same technology used by the federal government to conduct its own security investigations and has been since 2006. EnCase Endpoint Security has helped organizations answer key questions posed by the paper, such as:
- How did it happen?
- What was taken?
- What machines were affected?
- What do we need to do to remedy the situation and prevent this from happening again?
Finally, EnCase Endpoint Security delivers everything you need to remediate systems – wiping malware and related artifacts from systems without taking those systems down – ensuring you can confidently report on actions taken and the effectiveness of your remediation efforts.
To read the FTC paper “Data Breach Response – A Guide for Business” click here: https://www.ftc.gov/news-events/press-releases/2016/10/what-do-when-you-suspect-data-breach-ftc-issues-video-guide
To learn more about how EnCase Endpoint Security can ensure you are prepared for the inevitable, please visit: https://www.guidancesoftware.com/encase-endpoint-security
Anthony Di Bello is senior director of product marketing at Guidance Software and is responsible for the voice of the customer and go-to-market strategy across Guidance Software forensic security, data risk management and digital investigations products. An 11-year veteran of Guidance, Anthony previously served as director of strategic partnerships.