Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 5 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Will forensic technology on endpoints aid investigation and stop breaches and infections?

by The Gurus
April 17, 2015
in Opinions & Analysis
Share on FacebookShare on Twitter

Is there more demand for forensic technology to be hosted on endpoints, as more breaches occur at the employee’s end?
 
Stuart Okin, VP EMEA at Cipher, told IT Security Guru that it commonly sees Guidance Software’s Encase solution deployed on every endpoint, as most businesses only wait until something bad occurs to do something about it.
 
“What we are seeing is a trend in this direction in the US which allows a remote analyst to track how the infection or breach occurred, what led up to it and how it spread or laterally moved. Combining this with deep packet inspection, it then allows analysts to look for the insider threat,” he said.
 
Okin said that the main issue is the amount of logs and “noise” to be managed, as the data feeds in to the Security Operations Centre and SIEM.
 
This week’s Verizon Data Breach Investigations Report revealed that 23 per cent of recipients open phishing messages and 11 per cent of recipients click on attachments, yet when there is a major breach the forensics team look at the network. So is it a surprise that there is more demand for forensic technology to sit on the endpoint?
 
So is this completely unbelievable, or the start of a solution to avoid the issue of employees being the cause of data breaches? Ryan Rubin, managing director of Protiviti said that what would be prohibitive would be the cost element, but from his own experience, he found it would not scale and when there is a breach and there is an investigation at most organisations, Protiviti is called in to forensically analyse those endpoints and there are technologies allowing you to do this.
 
“As an industry we are doing very focused searches and once you look at the full drive and on the endpoint, you search for particular bits of information and if that triggers an alert, then a more detailed investigation gets done,” he said.
 
“The big challenge with recording everything, all of the traffic, is that activity is noisy and what I have seen is anti-virus vendors extending their solution set to keep up in the space, and that can include fine signature monitoring and application whitelisting, but we are not there yet with the full forensic capability.”
 
The challenge is not only managing the solution and its potential for huge amounts of data, but also the cost of adding more solutions to the endpoint. Quentyn Taylor, director of information security for EMEA at Canon, told IT Security Guru that he would find it hard to justify pushing this out to thousands of clients, as if you were continually having employee issues it may be worth doing, but maybe solve the issues in a different way rather than just prepping everyone for laptop forensics.
 
He also acknowledged that there may be a privacy issue, as if you are working in a regulated environment a regulator could be convinced into endpoint forensics being a recommended piece of technology, then it may take off.
 
“We’ve looked into this, and we said ‘how many cases do we process in a year’ and ‘could we really justify this to work councils and unions’ and ‘could I justify this to operations as they will have to maintain that package’,” he said. “Unless you are doing so many cases all of the time that it is worth doing this, but we are not.
 
“It is a technology that it interesting but I think about the ROI and if I cannot justify it to myself, I cannot do so to the board.”
 
So maybe that is the challenge for security managers, trying to convince the board that this case of a technology assurance is worth investing in if a breach were to happen? Maybe it is a way off yet, but Rubin said that one move is towards virtualised desktops where everyone has a thin client and logs into a remote desktop, so it becomes easier to capture what is taking place in those environments.
 
Speaking to CISO and Give01Day founder Amar Singh, he said that he is aware of endpoint forensic technologies being used in incident response scenarios, as well as in audit situations to demonstrate compliance and save costs in licensing.
 
However he was keen to stress that this all comes down to visibility, as that is one of the key tenants of managing cyber security to determine what is happening. He said it is not about trying to catch an employee out, but to make sure they don’t compromise the integrity of the company.
 
“Without visibility of endpoints you are blind in one eye as you only have partial visibility,” he said. “Endpoint visibility is the state of the endpoint changing and it gives you sight into what is happening.”
 
He explained that he sees more and more products offering visibility into the state of the machine, and he disagreed that it is not needed, as businesses need to encourage the benefits of detection and gaining visibility and protect against attacks.
 
“What will save you from fines will be detection in a certain period of time, and the only way to do that is visibility,” he said. “This is not an anti-virus model, this is admitting that machines could be compromised. If something has done something on your machine, you want to know what it did.”
 
Singh said that monitoring brings up connotations of being watched, but endpoint visibility can aid the state of compromise. Perhaps the state of forensic technology has moved fast after the “year of the breach” in 2014 and with big acquisitions in the managed service space, but on the endpoint – maybe this is a trend to watch as if it solves an issue and better aids an investigation, it is not worth dismissing.

FacebookTweetLinkedIn
Tags: DetectionForensicMonitoringVisibility
ShareTweetShare
Previous Post

Crowd funding for open source could prevent future flaws

Next Post

Treat your mobile API as a "first class citizen"

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information