Fns Incident Management Powered By En Case
- 1. Securely Enabling Business
FishNet Security Incident Management
Powered by EnCase® Cybersecurity
Overview
Banking Trojans, Spear Phishing, SQL Injection Attacks, Polymorphic Malware … threats that were relatively rare or unknown a few years ago are causing security teams across the globe to rethink their security strategies as the traditional security approach of “putting up more walls” has been proven to be less effective against a determined adversary. One security discipline rising to meet these challenges is Incident Management and Response. Organizations are moving to what is being referred to as a “zero trust” or “lean forward” model of implementing policy and procedures around the assumption that they may have already been compromised and just don’t know it yet.
Incident Management refers to not only ensuring policies are in place to expose potential threats that may have evaded perimeter defenses, but also that an organization is able to move quickly when a data breach does occur to minimize the impact, cost, recovery time and reoccurrence of each incident.
Solution
FishNet Security and Guidance Software have partnered to provide a complete incident management solution designed to address the gaps left by the traditional layered security through a combination of skilled resources, proven methodology and cutting-edge technology. The approach is designed to enable organizations to adopt a “lean forward” approach, exposing potential risks to a network before those vulnerabilities are fully exploited and used to exfiltrate data as well as to ensure an organization is completely prepared in the event of a data breach.
IMF Key Domains
• Communication
  - Internal
  - External
• Collection of Information
  - Acquisition
  - Chain of Custody
  - Data Retention
• Analysis
  - Technical
  - Operational
• Containment
  - Emergency Action Plans (EAP)
• Mitigation
  - Remediation
  - Prevention
  - Testing
• Legal Counsel
  - Litigation Hold
  - Request for Discovery
  - Liability
• Immediate Response
  - Active
  - Passive
• Documentation
  - Procedures
  - Formal IR Plan
  - Operational
ID#11SS0037
Last Modified 09.20.2011
Corporate Headquarters 1710 Walnut St. Kansas City, MO 64108 • 888.732.9406 © 2011 FishNet Security. All rights reserved.
Today’s Threat Landscape
Today, cyber crime is a for-profit industry with huge financial motivation to break into your network and steal your valuable data. As such, the attackers have spent time and resources to learn about your defenses and create highly specialized malware designed to evade those very defenses. Examples of these types of advanced threats include:
• Custom Malicious Code
• Polymorphic Malware
• Hacktivism
• 0-day Attack Vectors
• Exfiltration of Sensitive Data
• Memory Resident Malware
• Anti-virus Targeted Malware
• Encrypted Malicious Code Execution
FishNet Security Program
FishNet Security facilitates an approach tailored to the unique aspects of your organization and network architecture. Our consultants recognize business drivers and goals, and tailor solutions to meet the specific initiatives of each organization. The end result is an effective Incident Management Framework (IMF) tailored to a customer’s environment and based on industry-accepted standards of best practice.
FishNet Security provides services to help organizations respond quickly to incidents, develop overall incident management programs, and test their incident response capabilities. Our consultants use industry-best practices to assist clients in the growth and maturity of their incident management programs.
FishNet Security also provides skilled consultants certified in incident response and forensic best practices to respond quickly to any urgent need. Our rapid response team can be in motion anywhere in the world within 24 hours to coordinate a response and conduct a full investigation of the incident. The team also will take the proper steps to mitigate risk and potential fallout.
Guidance Software - EnCase® Cybersecurity
EnCase Cybersecurity is an all-in-one software solution that
provides information security and incident response teams
with the ability to dynamically expose covert malicious code,
including polymorphic code, and proactively identify unknown
threats to endpoints in any networked environment. With EnCase
Cybersecurity, organizations can shift from a reactive to a proactive
approach by zeroing in on potential threats, completely recovering
computers from malicious code infiltration and drastically reducing
the cost and time associated with response and recovery.
And if an incident does occur, the EnCase Cybersecurity solution
provides everything an organization needs to quickly and
effectively respond and answer critical questions essential to
mitigate the risk of an incident, such as:
• Where in the network did the threat originate?
• How did the threat spread across the network?
• What is the full scope of the intrusion?
• How has the threat evolved?
• And more …
EnCase Cybersecurity includes unique capabilities that put
organizations one step ahead of those who wish to compromise
corporate networks. With the ability to triage for covert threats,
perform detailed memory analysis, and leverage advanced
algorithms to determine code similarity, EnCase Cybersecurity
allows organizations to recover from the most evasive threats.
Adaptive Defense
FishNet Security investigators leverage the advanced capabilities of EnCase Cybersecurity to enable
organizations with the tools and resources necessary to expose and respond to the types of advanced
threats that may have already penetrated your layered defenses. Experienced examiners work with
internal resources to identify, contain, profile and eradicate the malicious code. This is achieved through
EnCase Cybersecurity by exposing unknowns, analyzing anomalous behavior and determining the true
scope of infection or breach.
A unique aspect of this approach lies in powerful patent-pending similar-file analysis capabilities of EnCase
Cybersecurity, which allows a single iteration of the offending malicious code to be used to find all like
iterations across the enterprise. This is useful when attackers are able to change the signature of a piece
of malware each time it copies itself to another device on the network. Because this approach does not
rely on a static signature or behavioral trait like traditional solutions, it provides a truly adaptive defense
against emerging threats.
Comprehensive Containment
During a security incident, one of the primary concerns
is containment of the event and ensuring sensitive data
is accounted for and has not been compromised. With
the ever-increasing speed and complexity of information
technology infrastructures, the ability to fully quantify an
event can be very time-consuming. Environments span
continents, contain thousands upon thousands of nodes, and
each endpoint can have terabytes of data. Ensuring proper
containment and validation of data can prove infeasible if not
for enterprise grade tools such as EnCase Cybersecurity.
FishNet Security investigators understand the complexities
of today’s environments as well as the attack profile used by
malicious individuals. Combined with the power of EnCase
Cybersecurity, they can help work toward comprehensive
containment of an event. Each endpoint can be scanned
for malicious code, unauthorized sensitive data, insecure
operating configurations, and various other known security
weaknesses that are independent of known signatures or
behaviors. Identified endpoints can then be remediated to
bring the device back into a secure state that meets with
internal compliancy requirements.
Finally, certain elements of the newly exposed malware
can be retained and scanned against on an ongoing basis to
ensure the threat or similar threats are not reintroduced into
your environment. Information gleaned through a proper
incident management framework gives your security team
the intelligence they need to better tailor defenses against
subsequent attack and to move away from the never-ending
game of “malware whack-a-mole.”
About FishNet Security
We Focus on the Threat so You can Focus on the Opportunity.
Committed to security excellence, FishNet Security is the #1 provider of information security solutions that combine
technology, services, support and training. FishNet Security solutions have enabled more than 5,000 clients to better
manage risk, meet compliance requirements and reduce cost while maximizing security effectiveness and operational
efficiency. For more information about FishNet Security, visit www.fishnetsecurity.com.