AccessData Group, the largest digital forensics technology company in the U.S. by revenue, today announced that it will introduce Version 2 of its Cyber Intelligence & Response Technology (CIRT 2) security platform at Black Hat USA 2012, July 21-26 in Las Vegas. CIRT is expected to have a major impact on enterprise IT security by delivering network forensics, computer forensics, large-scale data auditing, malware analysis and remediation capabilities in a single product. CIRT 2 enables incident responders and information assurance teams to view all critical data through a single pane of glass. It introduces Cerberus, the first integrated malware analysis and triage technology of its kind; in addition, CIRT 2 introduces removable media monitoring and now integrates with third-party alerting and security management platforms to allow CIRT to respond automatically when alerts are triggered…
Black Hat USA is the premier conference on Information Security (IS) in the U.S. The event brings together IS thought leaders from the corporate and government sectors, academia and even underground researchers, in highly technical sessions designed to share knowledge and insights. AccessData is a Silver Sponsor of Black Hat USA 2012.
In the age of advanced exploits such as Flame and Stuxnet, reliance on signature-based tools and data leakage prevention products is not enough, claims Jason Mical, director of network forensics at AccessData. “IDS, DLP and other tools of this kind don’t catch intrusions or leaked data unless you tell them specifically what to look for,” stated Mical.
CIRT is a total security framework that gives users the power to detect the unknown, greatly enhancing their ability to protect information assets from both internal and external threats. By correlating network and host data within a single interface, it allows security personnel to be unusually proactive in how they detect, analyze and remediate security breaches and data leakage.
The inclusion of AccessData’s Cerberus malware triage technology into the CIRT 2 platform achieves an even higher level of effectiveness. Cerberus allows first and second responders to automatically triage malware, determining behavior and intent without waiting for a specialized malware team. Its two-stage protocol quickly tallies a “threat score” approximating how dangerous a binary might be, followed by much more complex disassembly analysis that gives incident responders actionable intelligence without waiting for sandbox analysis.
“Today, when an organization discovers it has been compromised, it is often by accident and usually long after widespread damage has occurred,” noted Mical. “CIRT is designed to provide 360-degree visibility into what is happening across your enterprise to speed detection, root cause analysis and thorough remediation.”
Key features of CIRT 2 include the following:
Correlate network and host analysis to quickly determine root cause and more effectively chase down advanced exploits and data spillage.
Identify and triage suspected malware, determining behavior and intent without the sandbox or reliance on signature-based tools.
Perform proactive and reactive enterprise audits to identify data spillage, such as personally identifiable information, payment card information or classified documents.
Play back security incidents in real-time to gain a better understanding of an exploit or data spill.
Build threat profiles and monitor to prevent incident recurrence.
Continuously monitor the network and information assets, including removable devices, on or off the organization’s network.
Perform batch remediation.
July 26th Briefings
In addition to its demonstrations of CIRT 2 from its Black Hat exhibit at Booth 534, AccessData will conduct mini-briefings on Thursday, July 26th in the Octavius conference area’s Verona meeting room. One attendee at each briefing will win a high-end laptop.
Times for the mini-briefings will be 8:15-8:35 am; 11:15-11:35 am; 1:00-1:20 pm; and 4:30-4:50 pm.
About AccessData Group:
AccessData Group has pioneered digital investigations and litigation support for 25 years. Its family of stand-alone and enterprise-class solutions, including FTK, SilentRunner, Summation and the CIRT security framework, enables digital investigations of any kind, including computer forensics, incident response, e-discovery, legal review and compliance auditing. More than 130,000 users in law enforcement, government agencies, corporations and law firms worldwide rely on AccessData software solutions and its premier digital investigation and hosted review services. AccessData is also a leading provider of digital forensics and litigation support training and certification. www.accessdata.com.
Steve Fiore, 847-415-9329